2 matches found
CVE-2014-3828
Centreon 2.5.1 and Centreon Enterprise Server 2.2 contain SQL injection vulnerabilities (CVE-2014-3828) that are pre-auth and remotely exploitable. The issues arise in multiple PHP components where unsanitized input is used: index_id (views/graphs/common/makeXML_ListMetrics.php), sid (views/graph...
CVE-2014-3829
Centreon 2.5.1 and Centreon Enterprise Server 2.2 are vulnerable to unauthenticated command injection via displayServiceStatus.php, exploiting shell metacharacters in the session_id or template_id parameters (related to the command_line variable). The issue, CVE-2014-3829, is noted as fixed in Ce...