What is CVE-2014-3828?

CVE-2014-3828 is a vulnerability in Merethis Centreon, classified under SQL Injection. Published 2014-10-23.

Is CVE-2014-3828 known to be exploited?

1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

SQL Injection in Merethis Centreon

CVE-2014-3828

Multiple SQL injection vulnerabilities in Centreon 2.5.1 and Centreon Enterprise Server 2.2 (fixed in Centreon web 2.5.3) allow remote attackers to execute arbitrary SQL commands via (1) the index_id parameter to views/graphs/common/makeXM…

Vulnerability class: SQL Injection

EPSS: 0.786 (99.1th percentile) — read the EPSS interpretation.

Affected products

Merethis Centreon — versions 2.5.1
Merethis Centreon_enterprise_server — versions 2.2
N/a — versions n/a

Weakness classification (CWE)

CWE-89 — SQL Injection

Public proof-of-concept exploits

rapid7/metasploit-framework

References

20141016 Multiple unauthenticated SQL injections and unauthenticated remote command injection in Centreon <= 2.5.2 and Centreon Enterprise Server <= 2.2|3.0 (mailing-list, Exploit, x_refsource_FULLDISC)
VU#298796 (x_refsource_CERT-VN, US Government Resource, Third Party Advisory, third-party-advisory)
70648 (Exploit, vdb-entry, x_refsource_BID)
cve@mitre.org (x_refsource_CONFIRM)
cve@mitre.org (x_refsource_CONFIRM)

Frequently asked questions

What is CVE-2014-3828?: CVE-2014-3828 is a vulnerability in Merethis Centreon, classified under SQL Injection. Published 2014-10-23.
Is CVE-2014-3828 known to be exploited?: 1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.