Unrated severityNVD Advisory· Published Oct 23, 2014· Updated May 6, 2026

CVE-2014-3828

Description

Multiple SQL injection vulnerabilities in Centreon 2.5.1 and Centreon Enterprise Server 2.2 (fixed in Centreon web 2.5.3) allow remote attackers to execute arbitrary SQL commands via (1) the index_id parameter to views/graphs/common/makeXML_ListMetrics.php, (2) the sid parameter to views/graphs/GetXmlTree.php, (3) the session_id parameter to views/graphs/graphStatus/displayServiceStatus.php, (4) the mnftr_id parameter to configuration/configObject/traps/GetXMLTrapsForVendor.php, or (5) the index parameter to common/javascript/commandGetArgs/cmdGetExample.php in include/.

Affected products

Centreon/Centreon
cpe:2.3:a:merethis:centreon:2.5.1:*:*:*:*:*:*:*
Centreon/Centreon Enterprise Server
cpe:2.3:a:merethis:centreon_enterprise_server:2.2:*:*:*:*:*:*:*

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

seclists.org/fulldisclosure/2014/Oct/78nvdExploit
www.securityfocus.com/bid/70648nvdExploit
www.kb.cert.org/vuls/id/298796nvdThird Party AdvisoryUS Government Resource
documentation.centreon.com/docs/centreon/en/latest/release_notes/centreon-2.5/centreon-2.5.3.htmlnvd
github.com/centreon/centreon/commit/cc2109804dd69057cb209037113796ec5ffdce90nvd

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.063
exploit	0.030
kev	0.000
patch	0.000
ransomware	0.000