Centreon GetXMLTrapsForVendor.php 'mnftr_id' Parameter SQLi

critical Nessus Plugin ID 80226

Synopsis

The remote web server contains a PHP application that is affected by a SQL injection vulnerability.

Description

The Centreon application installed on the remove host is affected by a SQL injection vulnerability because the application fails to properly sanitize user-supplied input to the 'mnftr_id' parameter of the 'GetXMLTrapsForVendor.php' script. A remote, unauthenticated attacker can exploit this issue to execute arbitrary SQL statements against the back-end database, leading to the execution of arbitrary code, manipulation of data, or the disclosure of arbitrary data.

Note that the application is also reportedly affected by additional SQL injection vulnerabilities as well as a remote command injection vulnerability, however Nessus has not tested for these issues.

Solution

Upgrade to Centreon 2.5.3 or later.

See Also

https://seclists.org/fulldisclosure/2014/Oct/78

https://github.com/centreon/

Plugin Details

Severity: Critical

ID: 80226

File Name: centreon_mnftr_id_sqli.nasl

Version: 1.11

Type: remote

Family: CGI abuses

Published: 12/23/2014

Updated: 5/30/2024

Configuration: Enable thorough checks

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: High

Score: 7.4

CVSS v2

Risk Factor: Critical

Base Score: 10

Temporal Score: 8.3

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

CVSS Score Source: CVE-2014-3828

Vulnerability Information

CPE: cpe:/a:centreon:centreon, cpe:/a:merethis:centreon

Required KB Items: www/PHP, installed_sw/Centreon

Excluded KB Items: Settings/disable_cgi_scanning

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 10/15/2014

Vulnerability Publication Date: 10/15/2014

Exploitable With

Metasploit (Centreon SQL and Command Injection)

Reference Information

CVE: CVE-2014-3828

BID: 70648

CERT: 298796