{"vuid":"VU#856892","idnumber":"856892","name":"Centreon 2.3.3 through 2.3.9-4 blind sqli injection vulnerability.","keywords":["centreon","sqli","cwe-89"],"overview":"Centreon 2.3.3 through 2.3.9-4 contains a blind sql injection vulnerability.","clean_desc":"CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')\nCentreon 2.3.3 through 2.3.9-4 contains a blind sql injection vulnerability. The vulnerability is found within the menuXML.php file inside the 'menu' parameter. It was reported that by injecting a payload after the menu parameter, for example '  AND SLEEP(5) AND 'meHL'='meHL, the web application hung for 5 seconds.","impact":"A remote authenticated attacker may be able to run a subset of SQL commands against the back-end database.","resolution":"Update The vendor has stated that this vulnerability has been addressed in Centreon 2.4.0. Users are advised to update to Centreon 2.4.0 or newer.","workarounds":"Restrict access As a general good security practice, only allow connections from trusted hosts and networks. Note that restricting access does not prevent SQLi attacks since the attack comes as an SQL request from a legitimate user's host. Restricting access would prevent an attacker from accessing a web interface using stolen credentials from a blocked network location.","sysaffected":"","thanks":"Thanks to Tom Gregory of Spentera for reporting this vulnerability.","author":"This document was written by Michael Orlando.","public":["http://cwe.mitre.org/data/definitions/89.html","http://www.centreon.com/Content-Download/donwload-centreon","http://forge.centreon.com/projects/centreon/repository/revisions/13749"],"cveids":["CVE-2012-5967"],"certadvisory":"","uscerttechnicalalert":null,"datecreated":"2012-10-25T13:19:23Z","publicdate":"2012-12-12T00:00:00Z","datefirstpublished":"2012-12-12T12:37:09Z","dateupdated":"2012-12-12T12:37:10Z","revision":10,"vrda_d1_directreport":"1","vrda_d1_population":"2","vrda_d1_impact":"3","cam_widelyknown":"0","cam_exploitation":"0","cam_internetinfrastructure":"0","cam_population":"0","cam_impact":"0","cam_easeofexploitation":"0","cam_attackeraccessrequired":"0","cam_scorecurrent":"0","cam_scorecurrentwidelyknown":"0","cam_scorecurrentwidelyknownexploited":"0","ipprotocol":"","cvss_accessvector":"N","cvss_accesscomplexity":"M","cvss_authentication":null,"cvss_confidentialityimpact":"C","cvss_integrityimpact":"N","cvss_availabilityimpact":"N","cvss_exploitablity":null,"cvss_remediationlevel":"U","cvss_reportconfidence":"UC","cvss_collateraldamagepotential":"L","cvss_targetdistribution":"L","cvss_securityrequirementscr":"ND","cvss_securityrequirementsir":"ND","cvss_securityrequirementsar":"ND","cvss_basescore":"6.3","cvss_basevector":"AV:N/AC:M/Au:S/C:C/I:N/A:N","cvss_temporalscore":"4.8","cvss_environmentalscore":"1.3","cvss_environmentalvector":"CDP:L/TD:L/CR:ND/IR:ND/AR:ND","metric":0.0,"vulnote":null}