Vulnerability Note VU#856892

Centreon 2.3.3 through 2.3.9-4 blind sqli injection vulnerability.

Original Release date: 12 Dec 2012 | Last revised: 12 Dec 2012

Overview

Centreon 2.3.3 through 2.3.9-4 contains a blind sql injection vulnerability.

Description

CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

Centreon 2.3.3 through 2.3.9-4 contains a blind sql injection vulnerability. The vulnerability is found within the menuXML.php file inside the 'menu' parameter. It was reported that by injecting a payload after the menu parameter, for example '  AND SLEEP(5) AND 'meHL'='meHL, the web application hung for 5 seconds.

Impact

A remote authenticated attacker may be able to run a subset of SQL commands against the back-end database.

Solution

Update

The vendor has stated that this vulnerability has been addressed in Centreon 2.4.0. Users are advised to update to Centreon 2.4.0 or newer.

Restrict access

As a general good security practice, only allow connections from trusted hosts and networks. Note that restricting access does not prevent SQLi attacks since the attack comes as an SQL request from a legitimate user's host. Restricting access would prevent an attacker from accessing a web interface using stolen credentials from a blocked network location.

Vendor Information (Learn More)

VendorStatusDate NotifiedDate Updated
CentreonAffected09 Nov 201207 Dec 2012
If you are a vendor and your product is affected, let us know.

CVSS Metrics (Learn More)

Group Score Vector
Base 6.3 AV:N/AC:M/Au:S/C:C/I:N/A:N
Temporal 4.8 E:U/RL:U/RC:UC
Environmental 1.3 CDP:L/TD:L/CR:ND/IR:ND/AR:ND

References

Credit

Thanks to Tom Gregory of Spentera for reporting this vulnerability.

This document was written by Michael Orlando.

Other Information

  • CVE IDs: CVE-2012-5967
  • Date Public: 12 Dec 2012
  • Date First Published: 12 Dec 2012
  • Date Last Updated: 12 Dec 2012
  • Document Revision: 10

Feedback

If you have feedback, comments, or additional information about this vulnerability, please send us email.