CVE-2018-11589

Multiple SQL injection vulnerabilities in Centreon 3.4.6 including Centreon Web 2.8.23 allow attacks via the searchU parameter in viewLogs.php, the id parameter in GetXmlHost.php, the chartId parameter in ExportCSVServiceData.php, the searchCurve parameter in listComponentTemplates.php, or the host_id parameter in makeXML_ListMetrics.php.

Published: Jun 25, 2018
Updated: Apr 13, 2023
CVE: CVE-2018-11589
Severity: Critical
Exploit:

CVSS v3:

Severity: Critical
Score: 9.8
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CVSS v2:

Severity: High
Score: 7.5
AV:N/AC:L/Au:N/C:P/I:P/A:P

CWEs:

CWE-89

OWASP TOP 10:

A1 - Injection

Affected Software
References

Software	From	Fixed in
centreon / centreon_web	2.8.23	2.8.23.x
centreon / centreon	3.4.6	3.4.6.x

https://documentation.centreon.com/docs/centreon/en/latest/release_notes/centreon-2.8/centreon-2.8.24.html
https://github.com/centreon/centreon/pull/6250
https://github.com/centreon/centreon/pull/6251
https://github.com/centreon/centreon/pull/6255
https://github.com/centreon/centreon/pull/6256
https://github.com/centreon/centreon/pull/6257
https://github.com/centreon/centreon/releases

Vulnerability Database

289,697

CVE-2018-11589