The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a vigilance database and tools to fix them.

Vulnerability of Centreon: multiple vulnerabilities

Synthesis of the vulnerability 

An attacker can use several vulnerabilities of Centreon.
Vulnerable systems: Centreon Web.
Severity of this threat: 3/4.
Number of vulnerabilities in this bulletin: 6.
Creation date: 20/10/2014.
Références of this weakness: CVE-2014-3828, CVE-2014-3829, VIGILANCE-VUL-15506, VU#298796.

Description of the vulnerability 

Several vulnerabilities were announced in Centreon.

An attacker can use a SQL injection in GetXMLTrapsForVendor.php, in order to read or alter data. [severity:3/4; CVE-2014-3828]

An attacker can use a SQL injection in cmdGetExample.php, in order to read or alter data. [severity:3/4; CVE-2014-3828]

An attacker can use a SQL injection in GetXmlTree.php, in order to read or alter data. [severity:2/4; CVE-2014-3828]

An attacker can use a SQL injection in displayServiceStatus.php, in order to read or alter data. [severity:2/4; CVE-2014-3828]

An attacker can use a SQL injection in makeXML_ListMetrics.php, in order to read or alter data. [severity:2/4; CVE-2014-3828]

An attacker can make Centreon run an arbitrary shell command via the page displayServiceStatus.php, in order to execute code. [severity:3/4; CVE-2014-3829]
Full bulletin, software filtering, emails, fixes, ... (Request your free trial)

This security alert impacts software or systems such as Centreon Web.

Our Vigil@nce team determined that the severity of this security weakness is important.

The trust level is of type confirmed by the editor, with an origin of intranet client.

This bulletin is about 6 vulnerabilities.

A proof of concept or an attack tool is available, so your teams have to process this alert. An attacker with a beginner ability can exploit this security announce.

Solutions for this threat 

Centreon: version 2.5.3.
The version 2.5.3 is fixed:
  http://www.centreon.com/Content-Download/download-centreon-stable-archive
Full bulletin, software filtering, emails, fixes, ... (Request your free trial)

Computer vulnerabilities tracking service 

Vigil@nce provides a systems vulnerabilities bulletin. The Vigil@nce vulnerability database contains several thousand vulnerabilities.