CyberSec.Space Logo
CVEブラウザに戻る

CVE-2018-11589

CRITICAL
9.8
CVSS Severity Score
EPSS Score0.1950%
EPSS Percentile28.09th
Published2018年6月25日
Last Modified2024年11月21日

Vulnerability Description

Multiple SQL injection vulnerabilities in Centreon 3.4.6 including Centreon Web 2.8.23 allow attacks via the searchU parameter in viewLogs.php, the id parameter in GetXmlHost.php, the chartId parameter in ExportCSVServiceData.php, the searchCurve parameter in listComponentTemplates.php, or the host_id parameter in makeXML_ListMetrics.php.

Affected Platforms (CPE)

📦
Centreon

Centreon

= 3.4.6
📦
Centreon

Centreon Web

= 2.8.23

References & Advisories

🔗 https://documentation.centreon.com/docs/centreon/en/latest/release_notes/centreon-2.8/centreon-2.8.24.html
🔗 https://github.com/centreon/centreon/pull/6250
🔗 https://github.com/centreon/centreon/pull/6251
🔗 https://github.com/centreon/centreon/pull/6255
🔗 https://github.com/centreon/centreon/pull/6256
🔗 https://github.com/centreon/centreon/pull/6257
🔗 https://github.com/centreon/centreon/releases
🔗 https://documentation.centreon.com/docs/centreon/en/latest/release_notes/centreon-2.8/centreon-2.8.24.html

関連する脆弱性情報

CVE-2014-382810.0

Multiple SQL injection vulnerabilities in Centreon 2.5.1 and Centreon Enterprise Server 2.2 (fixed in Centreon web 2.5.3) allow re...

CVE-2014-382910.0

displayServiceStatus.php in Centreon 2.5.1 and Centreon Enterprise Server 2.2 (fixed in Centreon web 2.5.3) allows remote attacker...

CVE-2009-436810.0

Multiple unspecified vulnerabilities in Centreon before 2.1.4 have unknown impact and attack vectors in the (1) ping tool, (2) tra...

CVE-2018-210259.8

In Centreon VM through 19.04.3, centreon-backup.pl allows attackers to become root via a crafted script, due to incorrect rights o...