CVE-2018-19281
Description
Centreon 3.4.x (fixed in Centreon 18.10.0 and Centreon web 2.8.27) allows SNMP trap SQL Injection.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Centreon 3.4.x before 18.10.0 and Centreon web before 2.8.27 are vulnerable to SQL injection in SNMP trap handling, allowing remote attackers to execute arbitrary SQL commands.
Vulnerability
Centreon 3.4.x allows SQL injection via the SNMP trap handling module. By sending a specially crafted SNMP trap, an attacker can inject arbitrary SQL commands into the Centreon database. The issue is fixed in Centreon 18.10.0 and Centreon web 2.8.27 [1][3].
Exploitation
An attacker with network access to the Centreon server's SNMP trap receiver can craft a malicious SNMP trap containing SQL injection payloads. No prior authentication is required to send SNMP traps, making the attack remotely exploitable. The fix was implemented in pull request #7069 [4].
Impact
Successful SQL injection can lead to disclosure, modification, or deletion of sensitive data stored in the Centreon database. Depending on database privileges, this may enable privilege escalation or further compromise of the monitoring infrastructure.
Mitigation
Upgrade to Centreon 18.10.0 or Centreon web 2.8.27, which contain the fix [1][3]. No workaround is documented. The fix is detailed in pull request #7069 [4].
AI Insight generated on May 22, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
| centreon/centreon (Packagist) | >= 18.0.0, < 18.10.0 | 18.10.0 |
| centreon/centreon (Packagist) | >= 2.8, < 2.8.27 | 2.8.27 |
Affected products
- Range: <2.8.27
References
- github.com/advisories/GHSA-w2xf-4gg9-87wr (ghsa, ADVISORY)
- nvd.nist.gov/vuln/detail/CVE-2018-19281 (ghsa, ADVISORY)
- documentation.centreon.com/docs/centreon/en/latest/release_notes/centreon-18.10/centreon-18.10.0.html (ghsa, x_refsource_CONFIRM, WEB)
- documentation.centreon.com/docs/centreon/en/latest/release_notes/centreon-2.8/centreon-2.8.27.html (ghsa, x_refsource_CONFIRM, WEB)
- github.com/centreon/centreon-archived/pull/6627 (ghsa, WEB)
- github.com/centreon/centreon-archived/pull/7069 (ghsa, WEB)
- github.com/centreon/centreon/pull/6627 (mitre, x_refsource_CONFIRM)
- github.com/centreon/centreon/pull/7069 (mitre, x_refsource_CONFIRM)