PT-2021-4022 · Centreon · Centreon
Published
2021-04-02
·
Updated
2021-08-10
·
CVE-2021-37556
CVSS v3.1
8.8
High
| Vector | AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
Centreon versions prior to 20.04.14
Centreon versions prior to 20.10.8
Centreon versions prior to 21.04.2
Description
A SQL injection vulnerability in the reporting export function of Centreon allows remote authenticated attackers with low privileges to execute arbitrary SQL commands. This is achieved via the
start and end parameters in the include/reporting/dashboard/csvExport/csv HostGroupLogs.php script.Recommendations
For versions prior to 20.04.14, update to version 20.04.14 or later.
For versions prior to 20.10.8, update to version 20.10.8 or later.
For versions prior to 21.04.2, update to version 21.04.2 or later.
As a temporary workaround, consider restricting access to the
include/reporting/dashboard/csvExport/csv HostGroupLogs.php script until a patch is applied. Avoid using the start and end parameters in the affected script until the issue is resolved.Exploit
Fix
SQL injection
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Centreon