Sql injection

2021-08-0316:15:00

PRIOn knowledge base

www.prio-n.com

8.8 High

AI Score

Confidence

High

0.009 Low

EPSS

Percentile

82.6%

JSON

A SQL injection vulnerability in reporting export in Centreon before 20.04.14, 20.10.8, and 21.04.2 allows remote authenticated (but low-privileged) attackers to execute arbitrary SQL commands via the include/reporting/dashboard/csvExport/csv_HostGroupLogs.php start and end parameters.

CPENameOperatorVersion
centreonlt20.04.14
centreonge21.04.0
centreonlt21.04.2
centreonge20.10.0
centreonlt20.10.8

Name	Operator	Version
centreon	lt	20.04.14
centreon	ge	21.04.0
centreon	lt	21.04.2
centreon	ge	20.10.0
centreon	lt	20.10.8

References

github.com/centreon/centreon/pull/9781

www.synacktiv.com/sites/default/files/2021-07/Centreon_Multiple_vulnerabilities_0.pdf