CVE-2012-5967

Merethis Centreon - SQL Injection

Title source: rule

Description

SQL injection vulnerability in menuXML.php in Centreon 2.3.3 through 2.3.9-4 (fixed in Centreon web 2.6.0) allows remote authenticated users to execute arbitrary SQL commands via the menu parameter.

Exploits (1)

exploitdb WORKING POC

by modpr0be · pythonwebappsphp

https://www.exploit-db.com/exploits/23362

View Code ZIP pw:eip

References (3)

Core 3

Core References

Various Sources x_refsource_misc

http://forge.centreon.com/projects/centreon/repository/revisions/13749

US Government Resource third-party-advisory x_refsource_cert-vn

http://www.kb.cert.org/vuls/id/856892

Patch x_refsource_confirm

https://github.com/centreon/centreon/commit/434e291eebcd8f56771ac96b37831634fa52b6a8#diff-606758231371c4a66ae2668f7ad2b617

Scores

EPSS 0.0022

EPSS Percentile 44.2%

Details

CWE

CWE-89

Status published

Products (10)

Centreon/Centreon 2.3.3 through 2.3.9-4

Centreon/Centreon web fixed in 2.6.0

merethis/centreon 2.3.3

merethis/centreon 2.3.4

merethis/centreon 2.3.5

merethis/centreon 2.3.6

merethis/centreon 2.3.7

merethis/centreon 2.3.8

merethis/centreon 2.3.9

merethis/centreon 2.3.9-4

Published Dec 19, 2012

Tracked Since Feb 18, 2026