Home > Vulnerability Database > CVE-2015-1560

Mend.io Vulnerability Database

CVE-2015-1560

Good to know:

Date: July 14, 2015

SQL injection vulnerability in the isUserAdmin function in include/common/common-Func.php in Centreon (formerly Merethis Centreon) 2.5.4 and earlier (fixed in Centreon web 2.7.0) allows remote attackers to execute arbitrary SQL commands via the sid parameter to include/common/XmlTree/GetXmlTree.php.

Language: PHP

Severity Score

7.3

Related Resources (6)

Url: http://packetstormsecurity.com/files/132607/Merethis-Centreon-2.5.4-SQL-Injection-Remote-Command-Execution.html

Url: https://github.com/centreon/centreon/commit/668a928f34dc0f67723d3db138c042eb7f979f28#diff-f69d4a3d3d177d024c22419357c1f4f4

Url: https://forge.centreon.com/projects/centreon/repository/revisions/d14f213b9c60de1bad0b464fd6403c828cf12582

Url: http://www.securityfocus.com/archive/1/535961/100/0/threaded

Url: https://nvd.nist.gov/vuln/detail/CVE-2015-1560

Url: https://www.mend.io/vulnerability-database/CVE-2015-1560

Severity Score

7.3

Weakness Type (CWE)

SQL Injection

CWE-89

Top Fix

Upgrade Version

Upgrade to version 2.7.0

Learn More

CVSS v3.1

Base Score:	7.3
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	NONE
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	LOW
Integrity (I):	LOW
Availability (A):	LOW

CVSS v2

Base Score:	7.5
Access Vector (AV):	NETWORK
Access Complexity (AC):	LOW
Authentication (AU):	NONE
Confidentiality (C):	PARTIAL
Integrity (I):	PARTIAL
Availability (A):	PARTIAL
Additional information:

Mend.io Vulnerability Database

We found results for “”

CVE-2015-1560

Good to know:

Date: July 14, 2015

Language: PHP

Severity Score

Related Resources (6)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

CVSS v2

Do you need more information?