CVE-2018-21022

Vulnerability

The makeXML_ListServices.php script in Centreon Web versions prior to 2.8.28 fails to sanitize the host_id parameter, allowing an attacker to inject arbitrary SQL commands. The vulnerable code path is reachable when the script processes a request with a crafted host_id value. [2]

Exploitation

An attacker can exploit this vulnerability by sending a specially crafted HTTP request to the makeXML_ListServices.php endpoint with a malicious host_id parameter. No authentication is explicitly mentioned in the description, but typical Centreon deployments may require authentication for this page. The attacker does not need any special privileges beyond network access to the Centreon web interface. [2]

Impact

Successful exploitation allows an attacker to execute arbitrary SQL queries against the Centreon database. This can lead to unauthorized access to sensitive data, modification of database contents, or potential escalation to further attacks such as remote code execution if the database user has sufficient privileges. [2]

Mitigation

The vulnerability is fixed in Centreon Web version 2.8.28. Users should upgrade to this version or later. For deployments on the 18.10 branch, the fix is included in version 18.10.5. No workarounds are documented in the available references. [2]