Lucene search

[email protected]CVE-2015-1560

HistoryJul 14, 2015 - 4:59 p.m.

CVE-2015-1560

2015-07-1416:59:00

CWE-89

[email protected]

web.nvd.nist.gov

cve-2015-1560

sql injection

centreon

vulnerability

nvd

8.3 High

AI Score

Confidence

Low

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.003 Low

EPSS

Percentile

70.3%

JSON

SQL injection vulnerability in the isUserAdmin function in include/common/common-Func.php in Centreon (formerly Merethis Centreon) 2.5.4 and earlier (fixed in Centreon web 2.7.0) allows remote attackers to execute arbitrary SQL commands via the sid parameter to include/common/XmlTree/GetXmlTree.php.

CPENameOperatorVersion
centreon:centreoncentreonle2.5.4

CPE	Name	Operator	Version
centreon:centreon	centreon	le	2.5.4

References

packetstormsecurity.com/files/132607/Merethis-Centreon-2.5.4-SQL-Injection-Remote-Command-Execution.html

www.securityfocus.com/archive/1/535961/100/0/threaded

forge.centreon.com/projects/centreon/repository/revisions/d14f213b9c60de1bad0b464fd6403c828cf12582

github.com/centreon/centreon/commit/668a928f34dc0f67723d3db138c042eb7f979f28#diff-f69d4a3d3d177d024c22419357c1f4f4

8.3 High

AI Score

Confidence

Low

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.003 Low

EPSS

Percentile

70.3%

JSON

Related for CVE-2015-1560

prion1 nessus1 cvelist1 zdt1 exploitpack1 packetstorm1 securityvulns2 openvas1 exploitdb1