CVE-2012-5967

Centreon 2.3.3-2.3.9-4 - Authenticated SQL Injection via menuXML.php menu Parameter

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2012-5967. PoCs published by modpr0be.

AI-analyzed exploit summary This exploit demonstrates a time-based blind SQL injection vulnerability in Centreon 2.3.3 to 2.3.9-4 via the 'menu' parameter in menuXML.php. It extracts the admin password hash by leveraging conditional delays in SQL queries.

Description

SQL injection vulnerability in menuXML.php in Centreon 2.3.3 through 2.3.9-4 (fixed in Centreon web 2.6.0) allows remote authenticated users to execute arbitrary SQL commands via the menu parameter.

Exploits (1)

exploitdb WORKING POC
by modpr0be · pythonwebappsphp
https://www.exploit-db.com/exploits/23362

This exploit demonstrates a time-based blind SQL injection vulnerability in Centreon 2.3.3 to 2.3.9-4 via the 'menu' parameter in menuXML.php. It extracts the admin password hash by leveraging conditional delays in SQL queries.

Classification
Working Poc 95%
Attack Type
Sqli
Complexity
Moderate
Reliability
Reliable
Target: Centreon 2.3.3 - 2.3.9-4
Auth required
Prerequisites: Valid PHPSESSID session cookie · Network access to the target Centreon instance
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (3)

Core 3

Scores

EPSS 0.0331
EPSS Percentile 87.0%

Details

CWE
CWE-89
Status published
Products (10)
Centreon/Centreon 2.3.3 through 2.3.9-4
Centreon/Centreon web fixed in 2.6.0
merethis/centreon 2.3.3
merethis/centreon 2.3.4
merethis/centreon 2.3.5
merethis/centreon 2.3.6
merethis/centreon 2.3.7
merethis/centreon 2.3.8
merethis/centreon 2.3.9
merethis/centreon 2.3.9-4
Published Dec 19, 2012
Tracked Since Feb 18, 2026