Описание
A problem was found in Centreon Web through 19.04.3. An authenticated SQL injection is present in the page include/Administration/parameters/ldap/xml/ldap_host.php. The arId parameter is not properly filtered before being passed to the SQL query.
Ссылки
- Release Notes
- Release Notes
- Release Notes
- PatchThird Party Advisory
- PatchThird Party Advisory
- Not Applicable
- Release Notes
- Release Notes
- Release Notes
- PatchThird Party Advisory
- PatchThird Party Advisory
- Not Applicable
Уязвимые конфигурации
Конфигурация 1Версия от 2.8.1 (включая) до 2.8.30 (исключая)Версия от 19.04.0 (включая) до 19.04.5 (исключая)Версия от 19.10.0 (включая) до 19.10.2 (исключая)
Одно из
cpe:2.3:a:centreon:centreon_web:*:*:*:*:*:*:*:*
cpe:2.3:a:centreon:centreon_web:*:*:*:*:*:*:*:*
cpe:2.3:a:centreon:centreon_web:*:*:*:*:*:*:*:*
EPSS
Процентиль: 51%
0.00281
Низкий
8.8 High
CVSS3
6.5 Medium
CVSS2
Дефекты
CWE-89
Связанные уязвимости
github
больше 3 лет назад
A problem was found in Centreon Web through 19.04.3. An authenticated SQL injection is present in the page include/Administration/parameters/ldap/xml/ldap_host.php. The arId parameter is not properly filtered before being passed to the SQL query.
EPSS
Процентиль: 51%
0.00281
Низкий
8.8 High
CVSS3
6.5 Medium
CVSS2
Дефекты
CWE-89