SQL Injection Vulnerability in Centreon Web by Centreon
CVE-2019-15300

8.8HIGH

Key Information:

Vendor

Centreon

Status
Centreon Web
Vendor
CVE Published:
27 November 2019

What is CVE-2019-15300?

An authenticated SQL injection vulnerability exists in the Centreon Web product, affecting versions up to 19.04.3. The issue is found within the 'ldap_host.php' file where the 'arId' parameter lacks proper filtering before being utilized in SQL queries. This oversight can allow malicious users to manipulate SQL commands, potentially compromising the application's data integrity and security settings.

References

https://www.certilience.fr/2019/08/CVE-2019-15300-vulnera...
x_refsource_MISC
https://documentation.centreon.com/docs/centreon/en/lates...
x_refsource_MISC
https://github.com/centreon/centreon/pull/8008
x_refsource_MISC

CVSS V3.1

Score:
8.8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.