CVE-2019-15300

Name of the Vulnerable Software and Affected Versions Centreon Web versions through 19.04.3

Description A problem was found in Centreon Web where an authenticated SQL injection is present. This issue is located in the page "include/Administration/parameters/ldap/xml/ldap host.php". The arId parameter is not properly filtered before being passed to the SQL query.

Recommendations For Centreon Web versions through 19.04.3, as a temporary workaround, consider restricting access to the "include/Administration/parameters/ldap/xml/ldap host.php" page until a patch is available. Avoid using the arId parameter in the affected page until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.