Test Kennung:	1.3.6.1.4.1.25623.1.0.805974
Kategorie:	Web application abuses
Titel:	Centreon Multiple Vulnerabilities - Sep15
Zusammenfassung:	This host is running Centreon and is prone; to multiple vulnerabilities.
Beschreibung:	Summary: This host is running Centreon and is prone to multiple vulnerabilities. Vulnerability Insight: Multiple errors exist as, - Input passed via GET parameter 'sid' is not validated before passing to common-Func.php script. - Input passed via parameters 'ns_id' and 'end' is not validated before passing to getStats.php script. Vulnerability Impact: Successful exploitation will allow remote attackers to inject or manipulate SQL queries in the back-end database, allowing for the manipulation or disclosure of arbitrary data. Affected Software/OS: Centreon version 2.5.4 and earlier. Solution: Upgrade to latest version. CVSS Score: 7.5 CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Querverweis:	BugTraq ID: 75602 BugTraq ID: 75605 Common Vulnerability Exposure (CVE) ID: CVE-2015-1560 Bugtraq: 20150708 Merethis Centreon - Unauthenticated blind SQLi and Authenticated Remote Command Execution (Google Search) http://www.securityfocus.com/archive/1/535961/100/0/threaded http://packetstormsecurity.com/files/132607/Merethis-Centreon-2.5.4-SQL-Injection-Remote-Command-Execution.html https://github.com/centreon/centreon/commit/668a928f34dc0f67723d3db138c042eb7f979f28#diff-f69d4a3d3d177d024c22419357c1f4f4 Common Vulnerability Exposure (CVE) ID: CVE-2015-1561 https://github.com/centreon/centreon/commit/a78c60aad6fd5af9b51a6d5de5d65560ea37a98a#diff-27550b563fa8d660b64bca871a219cb1
Copyright	Copyright (C) 2015 Greenbone Networks GmbH

Dies ist nur einer von 99761 Anfälligkeitstests in unserem Testpaket. Finden Sie mehr über unsere vollständigen Sicherheitsüberprüfungen heraus. Um einen gratis Test für diese Anfälligkeit auf Ihrem System durchlaufen zu lassen, registrieren Sie sich bitte unten.