CVE-2012-5967

Published: 19/12/2012 Updated: 29/07/2019
CVSS v2 Base Score: 6.5 | Impact Score: 6.4 | Exploitability Score: 8
VMScore: 655
Vector: AV:N/AC:L/Au:S/C:P/I:P/A:P

Vulnerability Summary

SQL injection vulnerability in menuXML.php in Centreon 2.3.3 up to and including 2.3.9-4 (fixed in Centreon web 2.6.0) allows remote authenticated users to execute arbitrary SQL commands via the menu parameter.

Vulnerable Product

merethis centreon 2.3.3

merethis centreon 2.3.5

merethis centreon 2.3.9-4

merethis centreon 2.3.6

merethis centreon 2.3.7

merethis centreon 2.3.8

merethis centreon 2.3.9

merethis centreon 2.3.4

Exploits

#!/usr/bin/env python
# Exploit Title: Centreon 2.3.3 - 2.3.9-4 menuXML.php Blind SQL Injection Exploit
# Disclosure Date: December 12, 2012
# Author: modpr0be (@modpr0be)
# Platform: Linux
# Tested on: Centreon Enterprise Server with Centreon 2.3.9-4 on CentOS 5.5 x86_64 (Final)
# Software Link: www.centreon.com/Content-Download/download-c ...
Centreon versions 2.3.3 through 2.3.9-4 menuXML.php remote blind SQL injection exploit ...