Cloud Vulnerability DB
A community-led vulnerabilities database
Vulnerability DatabaseCVE-2021-28053
CVE-2021-28053:
Centreon vulnerability analysis and mitigation
Overview
A SQL injection vulnerability was discovered in Centreon-Web in Centreon Platform 20.10.0. The vulnerability exists in the 'Configuration > Users > Contacts / Users' section, where remote authenticated users can execute arbitrary SQL commands through the Additional Information parameters (Debian Security).
Technical details
The vulnerability affects the user management functionality in Centreon Platform 20.10.0, specifically in the Additional Information parameters of the Contacts/Users configuration section. The issue stems from improper validation of user input before it is used in SQL queries, allowing authenticated users to inject and execute arbitrary SQL commands (Debian Security).
Impact
The vulnerability allows authenticated users to execute arbitrary SQL commands, potentially leading to unauthorized access to the database, data manipulation, or information disclosure. As the vulnerability requires authentication, the impact is somewhat limited to users who already have access to the system (Debian Security).
Additional resources
Source: This report was generated using AI
Free Vulnerability Assessment
Benchmark your Cloud Security Posture
Evaluate your cloud security practices across 9 security domains to benchmark your risk level and identify gaps in your defenses.
Additional Wiz resources
Get a personalized demo
Ready to see Wiz in action?
"Best User Experience I have ever seen, provides full visibility to cloud workloads."
David EstlickCISO
"Wiz provides a single pane of glass to see what is going on in our cloud environments."
Adam FletcherChief Security Officer
"We know that if Wiz identifies something as critical, it actually is."
Greg PoniatowskiHead of Threat and Vulnerability Management