Centreon And Centreon Enterprise Server Multiple SQL Injection Vulnerabilities Network Vulnerability

Summary

Centreon and Centreon Enterprise Server are prone to multiple SQL- injection vulnerabilities.

Impact

A successful exploit may allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

Solution

Updates are available

Insight

Centreon fails to sufficiently sanitize user-supplied data.

Affected

The following products are vulnerable: Centreon 2.5.1 and prior versions Centreon Enterprise Server 2.2 and prior versions

Detection

Send a special crafted HTTP GET request and check the response.

References

http://www.centreon.com/
http://www.securityfocus.com/bid/70648
http://www.securityfocus.com/bid/70649

Updated on 2015-03-25

Severity

Classification

CVE CVE-2014-3828, CVE-2014-3829
CVSS Base Score: 10.0
AV:N/AC:L/Au:N/C:C/I:C/A:C

Related Vulnerabilities

Apache Tomcat /servlet Cross Site Scripting
AdPeeps 'index.php' Multiple Vulnerabilities.
Advantech WebAccess Multiple Vulnerabilities
Arkeia Appliance Multiple Vulnerabilities
ASP Inline Corporate Calendar SQL injection

Centreon and Centreon Enterprise Server Multiple SQL Injection Vulnerabilities

Take action and discover your vulnerabilities