CVE-2018-11589

Опубликовано: 25 июн. 2018

Источник: nvd

CVSS3: 9.8

CVSS2: 7.5

EPSS Низкий

Описание

Multiple SQL injection vulnerabilities in Centreon 3.4.6 including Centreon Web 2.8.23 allow attacks via the searchU parameter in viewLogs.php, the id parameter in GetXmlHost.php, the chartId parameter in ExportCSVServiceData.php, the searchCurve parameter in listComponentTemplates.php, or the host_id parameter in makeXML_ListMetrics.php.

Ссылки

https://documentation.centreon.com/docs/centreon/en/latest/release_notes/centreon-2.8/centreon-2.8.24.html
Release Notes
Vendor Advisory
https://github.com/centreon/centreon/pull/6250
Patch
Third Party Advisory
https://github.com/centreon/centreon/pull/6251
Patch
Third Party Advisory
https://github.com/centreon/centreon/pull/6255
Patch
Third Party Advisory
https://github.com/centreon/centreon/pull/6256
Patch
Third Party Advisory
https://github.com/centreon/centreon/pull/6257
Patch
Third Party Advisory
https://github.com/centreon/centreon/releases
Third Party Advisory
https://documentation.centreon.com/docs/centreon/en/latest/release_notes/centreon-2.8/centreon-2.8.24.html
Release Notes
Vendor Advisory
https://github.com/centreon/centreon/pull/6250
Patch
Third Party Advisory
https://github.com/centreon/centreon/pull/6251
Patch
Third Party Advisory
https://github.com/centreon/centreon/pull/6255
Patch
Third Party Advisory
https://github.com/centreon/centreon/pull/6256
Patch
Third Party Advisory
https://github.com/centreon/centreon/pull/6257
Patch
Third Party Advisory
https://github.com/centreon/centreon/releases
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:centreon:centreon:3.4.6:*:*:*:*:*:*:*

cpe:2.3:a:centreon:centreon_web:2.8.23:*:*:*:*:*:*:*

EPSS

Процентиль: 37%

0.00156

Низкий

9.8 Critical

CVSS3

7.5 High

CVSS2

Дефекты

CWE-89

Связанные уязвимости

GHSA-c22h-75xf-5xm9