The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a vigilance database and tools to fix them.

Vulnerability of Centreon: SQL injection via an HTTP request

Summary of the vulnerability

An attacker can insert SQL statements into a parameter of an HTTP request, in order to bypass access control to the database.
Impacted software: Centreon Web.
Severity of this computer vulnerability: 2/4.
Creation date: 13/12/2012.
References for this bulletin: BID-56911, CVE-2012-5967, VIGILANCE-VUL-12232, VU#856892.

Description of the vulnerability 

The product Centreon includes a Web application.

The page menuXML.php defines a query parameter named menu. However, the application does not properly validate the value received from the HTTP client, which allows an attacker to modify the SQL statement that the application sends.

An attacker can therefore insert SQL statements into a parameter of an HTTP request, in order to bypass access control to the database.
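
A triage check for this alert, as an added example that is not part of the original bulletin: it scans web access logs for menuXML.php requests whose menu value is not a plain integer. That menu is normally numeric, the log format, the path prefix and the sample lines are all assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Constructed sample access-log lines (documentation IP ranges, placeholder path prefix).
SAMPLE_LOG = """\
192.0.2.10 - - [13/Dec/2012:10:01:02 +0000] "GET /PLACEHOLDER/menuXML.php?menu=2 HTTP/1.1" 200 512
198.51.100.7 - - [13/Dec/2012:10:03:17 +0000] "GET /PLACEHOLDER/menuXML.php?menu=2%27 HTTP/1.1" 200 87
198.51.100.7 - - [13/Dec/2012:10:03:19 +0000] "GET /PLACEHOLDER/menuXML.php?menu=2%2527 HTTP/1.1" 200 87
192.0.2.10 - - [13/Dec/2012:10:04:00 +0000] "GET /PLACEHOLDER/main.php?p=1 HTTP/1.1" 200 900
203.0.113.5 - - [13/Dec/2012:10:05:41 +0000] "GET /PLACEHOLDER/menuXML.php?menu=3+AND+1 HTTP/1.1" 200 87
"""

# Client address and request target from a common/combined log format line.
REQUEST_RE = re.compile(r'^(?P<ip>\S+) .*?"[A-Z]+ (?P<target>\S+) HTTP/[\d.]+" \d{3}')

# Assumption: a legitimate menu value is a short unsigned integer.
VALID_MENU = re.compile(r"[0-9]{1,10}")


def suspicious_menu_requests(log_text):
    """Return (client_ip, decoded_value) for each menu value that is not an integer."""
    hits = []
    for line in log_text.splitlines():
        match = REQUEST_RE.match(line)
        if not match:
            continue
        url = urlsplit(match.group("target"))
        if not url.path.endswith("/menuXML.php"):
            continue
        # parse_qsl percent-decodes once; a double-encoded value still fails
        # the allowlist because the remaining '%' is not a digit.
        for key, value in parse_qsl(url.query, keep_blank_values=True):
            if key == "menu" and not VALID_MENU.fullmatch(value):
                hits.append((match.group("ip"), value))
    return hits


if __name__ == "__main__":
    for ip, value in suspicious_menu_requests(SAMPLE_LOG):
        print(f"{ip}\tmenu={value!r}")
```

Access logs record only the query string, so a value sent in a request body would need to be checked in application or WAF logs instead.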

This vulnerability alert impacts software or systems such as Centreon Web.

Our Vigil@nce team determined that the severity of this computer weakness alert is medium.

The trust level is "confirmed by the editor", and the attack origin is "intranet client".

A proof of concept or an attack tool is available, so your teams have to process this alert. An attacker with specialist skills can exploit this computer vulnerability.

Solutions for this threat 

Centreon: version 2.4.0.
Version 2.4.0 is fixed.
