VYPR
Unrated severityNVD Advisory· Published Oct 23, 2014· Updated Jun 17, 2026

CVE-2014-3828

CVE-2014-3828

Description

Multiple SQL injection vulnerabilities in Centreon 2.5.1 and Centreon Enterprise Server 2.2 (fixed in Centreon web 2.5.3) allow remote attackers to execute arbitrary SQL commands via (1) the index_id parameter to views/graphs/common/makeXML_ListMetrics.php, (2) the sid parameter to views/graphs/GetXmlTree.php, (3) the session_id parameter to views/graphs/graphStatus/displayServiceStatus.php, (4) the mnftr_id parameter to configuration/configObject/traps/GetXMLTrapsForVendor.php, or (5) the index parameter to common/javascript/commandGetArgs/cmdGetExample.php in include/.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

4
  • Centreon/Centreon2 versions
    cpe:2.3:a:merethis:centreon:2.5.1:*:*:*:*:*:*:*+ 1 more
    • cpe:2.3:a:merethis:centreon:2.5.1:*:*:*:*:*:*:*
    • (no CPE)range: 2.5.1
  • cpe:2.3:a:merethis:centreon_enterprise_server:2.2:*:*:*:*:*:*:*+ 1 more
    • cpe:2.3:a:merethis:centreon_enterprise_server:2.2:*:*:*:*:*:*:*
    • (no CPE)range: 2.2

Patches

Vulnerability mechanics

References

5

News mentions

0

No linked articles in our index yet.