SQL Injection Vulnerability in Centreon 2.3.3 to 2.3.9-4 by Centreon
CVE-2012-5967

Currently unrated

Key Information:

Vendor: Centreon
Status: Centreon; Centreon Web
Vendor: CVE Published:; 19 December 2012

What is CVE-2012-5967?

An SQL injection vulnerability exists in the menuXML.php file of Centreon, versions 2.3.3 to 2.3.9-4, allowing remote authenticated users to manipulate SQL queries by injecting arbitrary SQL commands through the menu parameter. This flaw can lead to unauthorized data access and alterations within the Centreon database, emphasizing the need for timely updates and robust security measures.

Affected Version(s)

Centreon 2.3.3 through 2.3.9-4

Centreon web fixed in 2.6.0

References

http://www.kb.cert.org/vuls/id/856892

third-party-advisoryx_refsource_CERT-VN

http://forge.centreon.com/projects/centreon/repository/re...

x_refsource_MISC

https://github.com/centreon/centreon/commit/434e291eebcd8...

x_refsource_CONFIRM

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Dec 19, 2012
Vulnerability Reserved
Nov 21, 2012

CVE-2012-5967 Data

JSON