CyberSec.Space Logo
Back to CVE Browser

CVE-2018-11589

CRITICAL
9.8
CVSS Severity Score
EPSS Score0.1950%
EPSS Percentile28.09th
PublishedJun 25, 2018
Last ModifiedNov 21, 2024

Vulnerability Description

Multiple SQL injection vulnerabilities in Centreon 3.4.6 including Centreon Web 2.8.23 allow attacks via the searchU parameter in viewLogs.php, the id parameter in GetXmlHost.php, the chartId parameter in ExportCSVServiceData.php, the searchCurve parameter in listComponentTemplates.php, or the host_id parameter in makeXML_ListMetrics.php.

Affected Platforms (CPE)

πŸ“¦
Centreon

Centreon

= 3.4.6
πŸ“¦
Centreon

Centreon Web

= 2.8.23

References & Advisories

πŸ”— https://documentation.centreon.com/docs/centreon/en/latest/release_notes/centreon-2.8/centreon-2.8.24.html
πŸ”— https://github.com/centreon/centreon/pull/6250
πŸ”— https://github.com/centreon/centreon/pull/6251
πŸ”— https://github.com/centreon/centreon/pull/6255
πŸ”— https://github.com/centreon/centreon/pull/6256
πŸ”— https://github.com/centreon/centreon/pull/6257
πŸ”— https://github.com/centreon/centreon/releases
πŸ”— https://documentation.centreon.com/docs/centreon/en/latest/release_notes/centreon-2.8/centreon-2.8.24.html

Related Vulnerabilities

CVE-2014-382810.0

Multiple SQL injection vulnerabilities in Centreon 2.5.1 and Centreon Enterprise Server 2.2 (fixed in Centreon web 2.5.3) allow re...

CVE-2014-382910.0

displayServiceStatus.php in Centreon 2.5.1 and Centreon Enterprise Server 2.2 (fixed in Centreon web 2.5.3) allows remote attacker...

CVE-2009-436810.0

Multiple unspecified vulnerabilities in Centreon before 2.1.4 have unknown impact and attack vectors in the (1) ping tool, (2) tra...

CVE-2018-210259.8

In Centreon VM through 19.04.3, centreon-backup.pl allows attackers to become root via a crafted script, due to incorrect rights o...