Vulnerabilities
Projects
Vulnerability Disclosure
About Us
Contact Us
Mend.io Vulnerability Database
What is a WS vulnerability ID?
What is an MSC vulnerability ID?
We found results for “”
CVE-2021-37557
Good to know:
Date: August 3, 2021
A SQL injection vulnerability in image generation in Centreon before 20.04.14, 20.10.8, and 21.04.2 allows remote authenticated (but low-privileged) attackers to execute arbitrary SQL commands via the include/views/graphs/generateGraphs/generateImage.php index parameter.
Language: PHP
Severity Score
Severity Score
Weakness Type (CWE)
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CWE-89Top Fix
Upgrade Version
Upgrade to version centreon/centreon - dev-MON-7341-fail-on-error;centreon/centreon - dev-MON-5718;centreon/centreon - dev-MON-6601-Implement-dynamic-filter-display;centreon/centreon - dev-MON-6557-new-query-parameters;centreon/centreon - dev-MON-6573-jquery-upgrade-fix-security-before-master;centreon/centreon - dev-dependabot/npm_and_yarn/axios-0.21.2;centreon/centreon - dev-MON-6633-select2;centreon/centreon - dev-cg-tw-patch-3;centreon/centreon - dev-MON-6960-upgrade-20.10;centreon/centreon - dev-MON-6614-php73-build;centreon/centreon - dev-Re-import-translation-for-button-export-in-one-click;centreon/centreon - dev-update-to-20.10.6;centreon/centreon - dev-master-to-develop;centreon/centreon - dev-CP7M12-fix-deprecated-removed-functionality;centreon/centreon - dev-MON-6251-Activation-popup-warning-in-modalDetails;centreon/centreon - dev-poc-module-federation;centreon/centreon - dev-MON-6771-fix;centreon/centreon - dev-MON-6585_Export_Event_logs;centreon/centreon - dev-update-jenkinsfile;centreon/centreon - dev-fix-installation-centos8-stream;centreon/centreon - dev-fully-handle-default-ack-options;centreon/centreon - dev-fix-login;centreon/centreon - dev-upgrade-to-19.10.19;centreon/centreon - dev-MON-7152;centreon/centreon - dev-MON-7168;centreon/centreon - dev-prepare-rn-19.10.19;centreon/centreon - 20.10.8;centreon/centreon - dev-MON-6825-translation;centreon/centreon - dev-MON-5520-28-bis;centreon/centreon - dev-MON-6451-update;centreon/centreon - dev-MON-6860-redirect-to-parent-resource-when-clicked;centreon/centreon - dev-MON-6655-pagination;centreon/centreon - dev-fix-cypress;centreon/centreon - dev-MON-6519-BAM-downtime-from-downtime-page;centreon/centreon - dev-unattented-with-install-wizard;centreon/centreon - dev-anh-unattanded;centreon/centreon - dev-hotfix-MON-XXXXX-index-data;centreon/centreon - dev-update-phpunit;centreon/centreon - dev-MON-6767;centreon/centreon - dev-prepare-web-19.10.21;centreon/centreon - dev-MON-6620-ldap-xss;centreon/centreon - dev-adapt-worflow;centreon/centreon - dev-MON-6988-mod-security;centreon/centreon - dev-enh(unattended)-display-full-log-messages;centreon/centreon - dev-MON-5562-20.10.x-bis;centreon/centreon - dev-TEST-DRAFT;centreon/centreon - dev-refacto-rest-api-v1;centreon/centreon - dev-MON-6752-doc;centreon/centreon - dev-MON-6897;centreon/centreon - dev-dependabot/composer/symfony/serializer-5.3.0;centreon/centreon - dev-MON-4949-dev2110;centreon/centreon - dev-codeowners-jenkinsfile;centreon/centreon - dev-master;centreon/centreon - dev-test-developer-edition;centreon/centreon - dev-dependabot/composer/symfony/validator-5.0.11;centreon/centreon - dev-upgrade-to-20.04.8;centreon/centreon - dev-upgrade-to-20.04.10;centreon/centreon - dev-fix-feature-files-listing;centreon/centreon - dev-refacto-security-arch;centreon/centreon - dev-MON-5789-gorgone-post-command;centreon/centreon - dev-MON-6770-fix-exception;centreon/centreon - dev-prepare-web-19.0.22-rn;centreon/centreon - dev-MON-4379-add-missing-centreonIndexes.json-2.8.x;centreon/centreon - dev-read;centreon/centreon - dev-prepare-19.10.18-rn;centreon/centreon - dev-fixing-jenkinsfile;centreon/centreon - dev-dev-20.10.x;centreon/centreon - dev-MON-6479;centreon/centreon - dev-MON-notification-undefined-centreon;centreon/centreon - dev-double-unstash;centreon/centreon - 21.04.2;centreon/centreon - dev-fix-utc-format;centreon/centreon - dev-pest-phpstan;centreon/centreon - dev-MON-4551-add-widget-sec;centreon/centreon - dev-MON-7059-wrong-legend-name-in-graph;centreon/centreon - dev-MON-6724-handle-long-list-of-pollers;centreon/centreon - dev-MON-5812-parameters-endpoint;centreon/centreon - dev-newHeader;centreon/centreon - dev-MON-5638-fix2;centreon/centreon - dev-MON-6377;centreon/centreon - 20.10.x-dev;centreon/centreon - dev-MON-6789;centreon/centreon - dev-MON-5851-2.8.x;centreon/centreon - dev-improve-webpack-dev-configuration;centreon/centreon - dev-set_public_snmpd_c;centreon/centreon - dev-MON-5812-handle-unit;centreon/centreon - 20.04.x-dev;centreon/centreon - dev-move-to-beta2;centreon/centreon - dev-MON-7156;centreon/centreon - dev-MON-6332-e2e-resources-feature-based-develop;centreon/centreon - dev-missing-provides;centreon/centreon - dev-MON-6869-Add-in-same-card-icon-and-percent-state-change-for-flapping;centreon/centreon - dev-MON-6244-optimize-reporting-sg;centreon/centreon - dev-poc-leak-memory;centreon/centreon - dev-MON-4751-disable-trace;centreon/centreon - dev-mydemo;centreon/centreon - dev-test;centreon/centreon - dev-MON-6210;centreon/centreon - dev-MON-escapeSecure;centreon/centreon - dev-clapi-order;centreon/centreon - dev-dependabot/npm_and_yarn/loader-utils-2.0.3;centreon/centreon - dev-MON-3593;centreon/centreon - dev-remove-add-widget-from-tests;centreon/centreon - dev-psr12-coding-style;centreon/centreon - dev-deliver-api-doc-by-version;centreon/centreon - dev-fix-build-20.10.x;centreon/centreon - dev-MON-6872-displays-points-and-implements-anchor-mechnism;centreon/centreon - dev-MON-7195;centreon/centreon - dev-MON-6235-Add-translation-for-Acknowledge-Downtine-popins-titles-notify-helper;centreon/centreon - dev-revert-10329-MON-11359;centreon/centreon - dev-remove-module-dependencies;centreon/centreon - dev-MON-6650-chip-color;centreon/centreon - 20.04.14;centreon/centreon - dev-MON-4547-remove-handlebars;centreon/centreon - dev-MON-6914-hide-password-meta-service;centreon/centreon - dev-enable-el8-build;centreon/centreon - dev-test-push-git;centreon/centreon - dev-DEVOPS-313-D;centreon/centreon - dev-MON-security-pentesters-POC;centreon/centreon - dev-update-to-20.04.12;centreon/centreon - dev-apply-new-eslint-rules;centreon/centreon - dev-MON-5922-sanitize-host-dashboard-28x;centreon/centreon - dev-MON-6419-remove-checkstyle-trends;centreon/centreon - dev-DEVOPS-automate-dependabot4;centreon/centreon - dev-broken-translation;centreon/centreon - dev-use-new-packages;centreon/centreon - help;centreon/centreon - dev-enh.empty.comment;centreon/centreon - dev-fix-host-configuration-repository;centreon/centreon - dev-MON-6459-fix-export-conf-when-contact-notifications-are-disabled;centreon/centreon - dev-jenkins-scheduling-containers;centreon/centreon - dev-MON-6874-Diverse-export-size-options;centreon/centreon - dev-MON-7022-change-wrong-constant;centreon/centreon - dev-dependabot/npm_and_yarn/html-react-parser-1.4.0;centreon/centreon - dev-5980-traps-regexp;centreon/centreon - dev-MON-4253-check-expired-session;centreon/centreon - dev-MON-6516-empty-parameter-in-lua-output-broker-conf;centreon/centreon - dev-enhance-unattended-logs;centreon/centreon - dev-MON-7098-secure-graph-split-28x;centreon/centreon - dev-fix-memory-limit;centreon/centreon - dev-MON-4800-pollers;centreon/centreon - dev-MON-4908-21.04.x;centreon/centreon - dev-MON-6781-login-date-2-8;centreon/centreon - dev-MON-5666-anomaly-service-not-renamed-in-graph-listing;centreon/centreon - dev-toogl;centreon/centreon - dev-add-technical-writer-for-po-files;centreon/centreon - dev-test-build-20.10;centreon/centreon - dev-separat-codeowners-lines;centreon/centreon - dev-MON-7097-secure-graph-periods-28x;centreon/centreon - dev-SECU-243-clear-SQ-logs;centreon/centreon - dev-upgrade-to-20.04.9;centreon/centreon - dev-dependabot/npm_and_yarn/decode-uri-component-0.2.2;centreon/centreon - dev-MON-6883-add-default-log_directory;centreon/centreon - dev-update-centreon-test-lib;centreon/centreon - dev-MON-5917-filter-testExistence;centreon/centreon - dev-release-21.04.next;centreon/centreon - dev-test-sq;centreon/centreon - dev-MON-6698-reporting-dashboard;centreon/centreon - dev-codesee-arch-diagram-workflow-1661878165127;centreon/centreon - dev-refactoring-dark-mode;centreon/centreon - dev-fix/jenkinsfile_docker_build;centreon/centreon - dev-upgrade-cypress-v6;centreon/centreon - dev-dependabot/composer/friendsofsymfony/rest-bundle-3.0.5;centreon/centreon - dev-MON-6552-platforminformation-refacto;centreon/centreon - dev-MON-5485-validation-failed;centreon/centreon - dev-DEVOPS-206-update-eslint-config;centreon/centreon - dev-MON-get-stats-19-10;centreon/centreon - dev-MON-5340-align-ACL-access-menu-table-list;centreon/centreon - dev-refacto-core-security;centreon/centreon - 21.04.x-dev;centreon/centreon - dev-unattended-with-latest-release-version;centreon/centreon - dev-MON-5609-sonardev-2-8;centreon/centreon - dev-unattended-for-21.04-for-pr;centreon/centreon - dev-MON-6906-ods-view-details;centreon/centreon - dev-MON-5552;centreon/centreon - dev-MON-5760;centreon/centreon - dev-MON-6719;centreon/centreon - dev-fix_chmod_unnecessary;centreon/centreon - dev-select2-hg-display;centreon/centreon - dev-MON-6291;centreon/centreon - dev-prepare-19.10.20-rn;centreon/centreon - dev-MON-6965-remove-orphan-menus;centreon/centreon - dev-MON-7179-warning-when-adding-a-new-host;centreon/centreon - dev-sonar-qg;centreon/centreon - dev-MON-6561-fix-timeline-events-order;centreon/centreon - dev-MON-7123-exporting-graph-to!png-displays-unwanted-data;centreon/centreon - dev-add-map-to-static-assets;centreon/centreon - dev-merge-master-and-21.04.0-beta2;centreon/centreon - dev-phpstan-common-usecase;centreon/centreon - dev-simplify-autocompletion-parameters;centreon/centreon - dev-MON-5091-profiler;centreon/centreon - dev-MON-7222-php-warning-when-editing-a-service-with-no-macro;centreon/centreon - dev-rebase-dev-21.10.x-on-21.10.x;centreon/centreon - dev-DEVOPS-124-vite-poc;centreon/centreon - dev-MON-7020-bis;centreon/centreon - dev-psamecentreon-patch-grant-priv-hostname;centreon/centreon - dev-fix-openid-configuration;centreon/centreon - dev-MON-6042-periods-recurrent-dt;centreon/centreon - dev-MON-6670;centreon/centreon - dev-MON-7015-tooltip-options-are-not-updated-directly;centreon/centreon - dev-MON-4897;centreon/centreon - dev-upgrade-to-19.10.20;centreon/centreon - dev-parallelise-ci;centreon/centreon - dev-test-build-from-master;centreon/centreon - dev-revert-6202-patch-1;centreon/centreon - dev-upgrade-21.04.0-beta.2;centreon/centreon - dev-upgrade-to-20.10.3;centreon/centreon - dev-update-debian-repo-version;centreon/centreon - dev-centreond;centreon/centreon - dev-build-alma-8;centreon/centreon - dev-try-fix-ldap;centreon/centreon - dev-IBT-507-downtime-fr-develop;centreon/centreon - dev-dependabot/composer/smarty/smarty-3.1.43;centreon/centreon - dev-update-to-19.10.22;centreon/centreon - dev-upgrade-to-20.10.4;centreon/centreon - dev-update-dsn-database-template;centreon/centreon - dev-reorginize_open_api_documentation;centreon/centreon - dev-DEVOPS-automate-dependabot2;centreon/centreon - dev-demo-squad-viz;centreon/centreon - dev-header;centreon/centreon - dev-fix(doc)-add-missing-fixes-in-rn;centreon/centreon - dev-dependabot/composer/nelmio/cors-bundle-2.1.1;centreon/centreon - dev-display-svg;centreon/centreon - dev-update-readme;centreon/centreon - dev-vault-configuration-endpoints;centreon/centreon - dev-MON-6880-units-are-not-properly-displayed;centreon/centreon - dev-MON-5535-security-fixes-2.8.x;centreon/centreon - 20.10.7.x-dev;centreon/centreon - dev-failed-installation-due-to-debug
CVSS v3.1
| Base Score: |
|
|---|---|
| Attack Vector (AV): | NETWORK |
| Attack Complexity (AC): | LOW |
| Privileges Required (PR): | LOW |
| User Interaction (UI): | NONE |
| Scope (S): | UNCHANGED |
| Confidentiality (C): | HIGH |
| Integrity (I): | HIGH |
| Availability (A): | HIGH |
CVSS v2
| Base Score: |
|
|---|---|
| Access Vector (AV): | NETWORK |
| Access Complexity (AC): | LOW |
| Authentication (AU): | SINGLE |
| Confidentiality (C): | PARTIAL |
| Integrity (I): | PARTIAL |
| Availability (A): | PARTIAL |
| Additional information: |