Multiple SQL injection vulnerabilities in Centreon 3.4.6 including Centreon Web 2.8.23 allow attacks via the searchU parameter in viewLogs.php, the id parameter in GetXmlHost.php, the chartId parameter in ExportCSVServiceData.php, the searchCurve parameter in listComponentTemplates.php, or the host_id parameter in makeXML_ListMetrics.php.
References
Link | Resource |
---|---|
https://documentation.centreon.com/docs/centreon/en/latest/release_notes/centreon-2.8/centreon-2.8.24.html | Release Notes Vendor Advisory |
https://github.com/centreon/centreon/pull/6250 | Patch Third Party Advisory |
https://github.com/centreon/centreon/pull/6251 | Patch Third Party Advisory |
https://github.com/centreon/centreon/pull/6255 | Patch Third Party Advisory |
https://github.com/centreon/centreon/pull/6256 | Patch Third Party Advisory |
https://github.com/centreon/centreon/pull/6257 | Patch Third Party Advisory |
https://github.com/centreon/centreon/releases | Third Party Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: mitre
Published: 2018-06-25T18:00:00
Updated: 2018-06-25T17:57:01
Reserved: 2018-05-31T00:00:00
Link: CVE-2018-11589
JSON object: View
NVD Information
Status : Analyzed
Published: 2018-06-25T18:29:00.330
Modified: 2018-08-28T17:14:03.150
Link: CVE-2018-11589
JSON object: View
Redhat Information
No data.
CWE