Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
A SQL injection vulnerability in a MediaWiki script in Centreon before 20.04.14, 20.10.8, and 21.04.2 allows remote unauthenticated attackers to execute arbitrary SQL commands via the host_name and service_description parameters. The vulnerability can be exploited only when a valid Knowledge Base URL is configured on the Knowledge Base configuration page and points to a MediaWiki instance. This relates to the proxy feature in class/centreon-knowledge/ProceduresProxy.class.php and include/configuration/configKnowledge/proxy/proxy.php.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Centreon SQL注入漏洞
Vulnerability Description
Centreon(Merethis Centreon)是法国Centreon公司的一套开源的系统监控工具 。该产品主要提供对网络、系统和应用程序等资源的监控功能。 Centreon MediaWiki 脚本中存在安全漏洞,该漏洞允许远程未经身份验证的攻击者通过 host_name 和 service_description 参数执行任意 SQL 命令。以下产品和版本受到影响:20.04.14、20.10.8 和 21.04.2 之前版本。
CVSS Information
N/A
Vulnerability Type
N/A