Vulnerability Note VU#856892
Centreon 2.3.3 through 2.3.9-4 blind sqli injection vulnerability.
Centreon 2.3.3 through 2.3.9-4 contains a blind sql injection vulnerability.
CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
Centreon 2.3.3 through 2.3.9-4 contains a blind sql injection vulnerability. The vulnerability is found within the menuXML.php file inside the 'menu' parameter. It was reported that by injecting a payload after the menu parameter, for example ' AND SLEEP(5) AND 'meHL'='meHL, the web application hung for 5 seconds.
A remote authenticated attacker may be able to run a subset of SQL commands against the back-end database.
Vendor Information (Learn More)
|Vendor||Status||Date Notified||Date Updated|
|Centreon||Affected||09 Nov 2012||07 Dec 2012|
CVSS Metrics (Learn More)
Thanks to Tom Gregory of Spentera for reporting this vulnerability.
This document was written by Michael Orlando.
- CVE IDs: CVE-2012-5967
- Date Public: 12 Dec 2012
- Date First Published: 12 Dec 2012
- Date Last Updated: 12 Dec 2012
- Document Revision: 10
If you have feedback, comments, or additional information about this vulnerability, please send us email.