SQL Injection in Centreon
CVE-2012-5967
SQL injection vulnerability in menuXML.php in Centreon 2.3.3 through 2.3.9-4 (fixed in Centreon web 2.6.0) allows remote authenticated users to execute arbitrary SQL commands via the menu parameter.
Vulnerability class: SQL Injection
EPSS: 0.002 (44.4th percentile)
Affected products
- Centreon — versions 2.3.3 through 2.3.9-4
- Centreon Web — fixed in version 2.6.0
- Merethis Centreon — versions 2.3.3, 2.3.4, 2.3.5
Weakness classification (CWE)
References
- VU#856892 (x_refsource_CERT-VN, US Government Resource, third-party-advisory)
- cret@cert.org (x_refsource_MISC)
- cret@cert.org (x_refsource_CONFIRM)