VYPR
High severity · NVD Advisory · Published Nov 16, 2018 · Updated Aug 5, 2024

CVE-2018-19312


Description

Centreon 3.4.x (fixed in Centreon 18.10.0 and Centreon web 2.8.24) allows SQL Injection via the searchVM parameter to the main.php?p=20408 URI.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

SQL Injection in Centreon 3.4.x via the searchVM parameter allows authenticated attackers to execute arbitrary SQL commands.

Vulnerability

Centreon versions 3.4.x are vulnerable to SQL Injection through the searchVM parameter passed to the main.php?p=20408 URI. The flaw exists in the handling of virtual metric queries, where user-supplied input is not properly sanitized before being used in SQL statements. This affects Centreon 3.4.x and was fixed in Centreon 18.10.0 and Centreon Web 2.8.24 [1][3][4].

Exploitation

An attacker must be authenticated to the Centreon web interface. The attack is carried out by sending a crafted HTTP request to the vulnerable endpoint (main.php?p=20408) with a malicious searchVM parameter. The injection occurs when the application processes the input to retrieve virtual metric information [1]. No additional privileges or user interaction beyond authentication are required.

Impact

Successful exploitation allows an attacker to execute arbitrary SQL commands against the underlying database. Depending on the database configuration, this could lead to unauthorized reading or modification of sensitive data, privilege escalation, or potentially complete compromise of the Centreon application [1]. The attacker gains the same privileges as the database user used by the application.

Mitigation

The vulnerability is fixed in Centreon 18.10.0 and Centreon Web 2.8.24, both released on November 16, 2018 [1][2]. Users running Centreon 3.4.x should upgrade immediately to one of these versions. If upgrading is not immediately possible, administrators should restrict access to the vulnerable endpoint to trusted users only. The vulnerability is not known to be listed in CISA's Known Exploited Vulnerabilities catalog.

AI Insight generated on May 22, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
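
A log-review sketch for the request pattern described under Exploitation, added here as an example (it is not Centreon code and not part of the advisory). It scans web-server access logs for requests to main.php?p=20408 whose searchVM value, after decoding, contains SQL metacharacters or keywords. Assumptions: combined log format, a constructed /centreon/ path prefix, and a heuristic pattern list; only query-string parameters are visible in access logs.

```python
import re
from urllib.parse import urlsplit, parse_qs, unquote_plus

# Constructed sample access-log lines (combined log format); not real traffic.
SAMPLE_LOG = [
    '10.0.0.5 - - [16/Nov/2018:10:01:02 +0000] "GET /centreon/main.php?p=20408&searchVM=cpu_total HTTP/1.1" 200 5120',
    '10.0.0.9 - - [16/Nov/2018:10:03:40 +0000] "GET /centreon/main.php?p=20408&searchVM=x%27%20OR%20%271%27%3D%271 HTTP/1.1" 200 9001',
    '10.0.0.9 - - [16/Nov/2018:10:04:11 +0000] "GET /centreon/main.php?p=20408&searchVM=a%2527%2520UNION%2520SELECT%25201 HTTP/1.1" 200 300',
    '10.0.0.7 - - [16/Nov/2018:10:05:00 +0000] "GET /centreon/main.php?p=60101&searchVM=it%27s HTTP/1.1" 200 800',
]

REQUEST = re.compile(r'^(\S+) .*?"(?:GET|POST) (\S+) HTTP/[\d.]+"')
# Heuristic (assumption): characters and keywords a metric-name search rarely needs.
SUSPICIOUS = re.compile(r"""['"`;\\]|--|/\*|\b(?:union|select|sleep|benchmark)\b""", re.I)

def fully_decode(value, rounds=3):
    """Undo repeated percent-encoding (parse_qs has already decoded once)."""
    for _ in range(rounds):
        decoded = unquote_plus(value)
        if decoded == value:
            break
        value = decoded
    return value

def flag_searchvm(lines):
    """Return (client_ip, decoded searchVM) for suspicious requests to main.php?p=20408."""
    hits = []
    for line in lines:
        m = REQUEST.match(line)
        if not m:
            continue  # not a parseable request line
        client, target = m.groups()
        url = urlsplit(target)
        if not url.path.endswith("main.php"):
            continue
        params = parse_qs(url.query, keep_blank_values=True)
        if "20408" not in params.get("p", []):
            continue  # a different Centreon page
        for raw in params.get("searchVM", []):
            value = fully_decode(raw)
            if SUSPICIOUS.search(value):
                hits.append((client, value))
    return hits

if __name__ == "__main__":
    for client, value in flag_searchvm(SAMPLE_LOG):
        print(f"{client}\tsearchVM={value!r}")
```

A hit is a lead for review rather than proof of exploitation; legitimate searches containing a flagged word or quote will also match.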

Affected packages

Versions sourced from the GitHub Security Advisory.

| Package | Affected versions | Patched versions |
|---|---|---|
| centreon/centreon (Packagist) | >= 18.0.0, < 18.10.0 | 18.10.0 |
| centreon/centreon (Packagist) | >= 2.8.0, < 2.8.24 | 2.8.24 |
