CVE-2018-11589

critical

Description

Multiple SQL injection vulnerabilities in Centreon 3.4.6 including Centreon Web 2.8.23 allow attacks via the searchU parameter in viewLogs.php, the id parameter in GetXmlHost.php, the chartId parameter in ExportCSVServiceData.php, the searchCurve parameter in listComponentTemplates.php, or the host_id parameter in makeXML_ListMetrics.php.

References

Advisories
More

https://github.com/centreon/centreon/releases

https://github.com/centreon/centreon/pull/6257

https://github.com/centreon/centreon/pull/6256

https://github.com/centreon/centreon/pull/6255

https://github.com/centreon/centreon/pull/6251

https://github.com/centreon/centreon/pull/6250

https://documentation.centreon.com/docs/centreon/en/latest/release_notes/centreon-2.8/centreon-2.8.24.html

Details

Source: Mitre, NVD

Published: 2018-06-25

Updated: 2026-06-17

Risk Information

CVSS v2

Base Score: 7.5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

Severity: High

CVSS v3

Base Score: 9.8

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Severity: Critical

EPSS

EPSS: 0.00175