CyberSec.Space Logo
返回 CVE 浏览器

CVE-2014-3828

CRITICAL
10.0
CVSS Severity Score
EPSS Score0.0400%
EPSS Percentile11.46th
Published2014年10月23日
Last Modified2026年5月6日

Vulnerability Description

Multiple SQL injection vulnerabilities in Centreon 2.5.1 and Centreon Enterprise Server 2.2 (fixed in Centreon web 2.5.3) allow remote attackers to execute arbitrary SQL commands via (1) the index_id parameter to views/graphs/common/makeXML_ListMetrics.php, (2) the sid parameter to views/graphs/GetXmlTree.php, (3) the session_id parameter to views/graphs/graphStatus/displayServiceStatus.php, (4) the mnftr_id parameter to configuration/configObject/traps/GetXMLTrapsForVendor.php, or (5) the index parameter to common/javascript/commandGetArgs/cmdGetExample.php in include/.

Affected Platforms (CPE)

📦
Merethis

Centreon

= 2.5.1
📦
Merethis

Centreon Enterprise Server

= 2.2

References & Advisories

🔗 http://seclists.org/fulldisclosure/2014/Oct/78
🔗 http://www.kb.cert.org/vuls/id/298796
🔗 http://www.securityfocus.com/bid/70648
🔗 https://documentation.centreon.com/docs/centreon/en/latest/release_notes/centreon-2.5/centreon-2.5.3.html
🔗 https://github.com/centreon/centreon/commit/cc2109804dd69057cb209037113796ec5ffdce90#diff-e328097503b14fbb117e0db798aefcde
🔗 http://seclists.org/fulldisclosure/2014/Oct/78
🔗 http://www.kb.cert.org/vuls/id/298796
🔗 http://www.securityfocus.com/bid/70648

相关漏洞威胁

CVE-2014-382910.0

displayServiceStatus.php in Centreon 2.5.1 and Centreon Enterprise Server 2.2 (fixed in Centreon web 2.5.3) allows remote attacker...

CVE-2009-436810.0

Multiple unspecified vulnerabilities in Centreon before 2.1.4 have unknown impact and attack vectors in the (1) ping tool, (2) tra...

CVE-2018-115899.8

Multiple SQL injection vulnerabilities in Centreon 3.4.6 including Centreon Web 2.8.23 allow attacks via the searchU parameter in ...

CVE-2018-115879.8

There is Remote Code Execution in Centreon 3.4.6 including Centreon Web 2.8.23 via the RPN value in the Virtual Metric form in cen...