ID de Prueba:	1.3.6.1.4.1.25623.1.0.805974
Categoría:	Web application abuses
Título:	Centreon Multiple Vulnerabilities (Sep 2015)
Resumen:	Centreon is prone to multiple vulnerabilities.
Descripción:	Summary: Centreon is prone to multiple vulnerabilities. Vulnerability Insight: The following flaws exist: - Input passed via GET parameter 'sid' is not validated before passing to the common-Func.php script. - Input passed via parameters 'ns_id' and 'end' is not validated before passing to the getStats.php script. Vulnerability Impact: Successful exploitation will allow remote attackers to inject or manipulate SQL queries in the back-end database, allowing for the manipulation or disclosure of arbitrary data. Affected Software/OS: Centreon version 2.5.4 and prior. Solution: Update to latest version. CVSS Score: 7.5 CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2015-1560 Bugtraq: 20150708 Merethis Centreon - Unauthenticated blind SQLi and Authenticated Remote Command Execution (Google Search) http://www.securityfocus.com/archive/1/535961/100/0/threaded http://packetstormsecurity.com/files/132607/Merethis-Centreon-2.5.4-SQL-Injection-Remote-Command-Execution.html https://github.com/centreon/centreon/commit/668a928f34dc0f67723d3db138c042eb7f979f28#diff-f69d4a3d3d177d024c22419357c1f4f4 Common Vulnerability Exposure (CVE) ID: CVE-2015-1561 https://github.com/centreon/centreon/commit/a78c60aad6fd5af9b51a6d5de5d65560ea37a98a#diff-27550b563fa8d660b64bca871a219cb1
Copyright	Copyright (C) 2015 Greenbone AG

Esta es sólo una de 146377 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa. Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.