Unrated severity · NVD Advisory · Published Oct 8, 2019 · Updated Aug 5, 2024

CVE-2018-21021

Description

img_gantt.php in Centreon Web before 2.8.27 allows attackers to perform SQL injections via the host_id parameter.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

SQL injection in img_gantt.php via host_id parameter in Centreon Web before 2.8.27 allows unauthenticated attackers to execute arbitrary SQL commands.

Vulnerability

The img_gantt.php script in Centreon Web versions prior to 2.8.27 is vulnerable to SQL injection. The host_id parameter is not properly sanitized before being used in a SQL query, allowing an attacker to inject arbitrary SQL. This endpoint is accessible without authentication [2].

Exploitation

An attacker can send a crafted HTTP request to img_gantt.php with a malicious host_id parameter containing SQL injection payloads. No prior authentication is required. The request is processed by the vulnerable script, executing the injected SQL commands.

Impact

Successful exploitation allows an attacker to execute arbitrary SQL statements on the Centreon database. This can lead to unauthorized access to sensitive data, including user credentials and monitoring configurations, potentially resulting in full system compromise.

Mitigation

The vulnerability is fixed in Centreon Web version 2.8.27 [2]. Users should upgrade to this version or later. If immediate upgrade is not possible, restrict access to img_gantt.php through web server access controls.
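A log check for the request described under Exploitation, as an added example that is not part of the advisory or of Centreon's code: it flags requests to img_gantt.php whose host_id is not a plain integer. It assumes host_id is a numeric ID and that the web server writes combined-format access logs; the log lines and the /PLACEHOLDER/ path prefix are constructed.

```python
import re
from urllib.parse import parse_qs, unquote, urlsplit

# Constructed sample access-log lines (combined log format).
# The /PLACEHOLDER/ prefix stands in for the real install path.
SAMPLE_LOG = """\
198.51.100.7 - - [01/Jan/2019:10:00:00 +0000] "GET /PLACEHOLDER/img_gantt.php?host_id=42 HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
198.51.100.9 - - [01/Jan/2019:10:00:05 +0000] "GET /PLACEHOLDER/img_gantt.php?host_id=42%27%20OR%20%271%27%3D%271 HTTP/1.1" 200 5120 "-" "curl/7.58.0"
198.51.100.9 - - [01/Jan/2019:10:00:06 +0000] "GET /PLACEHOLDER/img_gantt.php?host_id=1&host_id=2-1 HTTP/1.1" 200 512 "-" "curl/7.58.0"
198.51.100.7 - - [01/Jan/2019:10:00:09 +0000] "GET /PLACEHOLDER/main.php?p=1 HTTP/1.1" 200 900 "-" "Mozilla/5.0"
"""

REQUEST_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "\S+ (\S+) [^"]*"')
TARGET = "img_gantt.php"
PARAM = "host_id"
# Assumption: a legitimate host_id is a short run of decimal digits.
NUMERIC_ID = re.compile(r"[0-9]{1,10}")


def suspicious_requests(log_text):
    """Return (client_ip, decoded_value) for each non-numeric host_id sent to img_gantt.php."""
    hits = []
    for line in log_text.splitlines():
        m = REQUEST_RE.match(line)
        if not m:
            continue
        client, target = m.groups()
        url = urlsplit(target)
        # Decode the path first so a percent-encoded script name still matches.
        if TARGET not in unquote(url.path).lower():
            continue
        # parse_qs percent-decodes values and keeps repeated parameters,
        # so a second host_id cannot hide behind a clean first one.
        params = parse_qs(url.query, keep_blank_values=True)
        for value in params.get(PARAM, []):
            if not NUMERIC_ID.fullmatch(value):
                hits.append((client, value))
    return hits


if __name__ == "__main__":
    for client, value in suspicious_requests(SAMPLE_LOG):
        print(f"{client}: non-numeric host_id {value!r}")
```

Access logs record only the query string, so a host_id sent in a request body is not visible to this check.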

AI Insight generated on May 26, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
