CVE-2012-5967

2012-12-1911:55:56

CWE-89

[email protected]

web.nvd.nist.gov

cve-2012-5967

sql injection

centreon

menuxml.php

nvd

security vulnerability

6.5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:S/C:P/I:P/A:P

8 High

AI Score

Confidence

Low

0.001 Low

EPSS

Percentile

48.4%

JSON

SQL injection vulnerability in menuXML.php in Centreon 2.3.3 through 2.3.9-4 (fixed in Centreon web 2.6.0) allows remote authenticated users to execute arbitrary SQL commands via the menu parameter.

Affected configurations

NVD

Node

merethiscentreonMatch2.3.3

merethiscentreonMatch2.3.4

merethiscentreonMatch2.3.5

merethiscentreonMatch2.3.6

merethiscentreonMatch2.3.7

merethiscentreonMatch2.3.8

merethiscentreonMatch2.3.9

merethiscentreonMatch2.3.9-4

CPENameOperatorVersion
merethis:centreonmerethis centreoneq2.3.3
merethis:centreonmerethis centreoneq2.3.4
merethis:centreonmerethis centreoneq2.3.5
merethis:centreonmerethis centreoneq2.3.6
merethis:centreonmerethis centreoneq2.3.7
merethis:centreonmerethis centreoneq2.3.8
merethis:centreonmerethis centreoneq2.3.9
merethis:centreonmerethis centreoneq2.3.9-4

CPE	Name	Operator	Version
merethis:centreon	merethis centreon	eq	2.3.3
merethis:centreon	merethis centreon	eq	2.3.4
merethis:centreon	merethis centreon	eq	2.3.5
merethis:centreon	merethis centreon	eq	2.3.6
merethis:centreon	merethis centreon	eq	2.3.7
merethis:centreon	merethis centreon	eq	2.3.8
merethis:centreon	merethis centreon	eq	2.3.9
merethis:centreon	merethis centreon	eq	2.3.9-4

CNA Affected

[
  {
    "product": "Centreon",
    "vendor": "Centreon",
    "versions": [
      {
        "status": "affected",
        "version": "2.3.3 through 2.3.9-4"
      }
    ]
  },
  {
    "product": "Centreon web",
    "vendor": "Centreon",
    "versions": [
      {
        "status": "affected",
        "version": "fixed in 2.6.0"
      }
    ]
  }
]