Required CVE Record Information
Description
Centreon before 19.04.15 allows remote attackers to execute arbitrary OS commands by placing shell metacharacters in RRDdatabase_status_path (via a main.get.php request) and then visiting the include/views/graphs/graphStatus/displayServiceStatus.php page.
Updated:
This container includes required additional information provided by the CVE Program for this vulnerability.
References 4 Total
- https://engindemirbilek.github.io/centreon-19.10-rce x_transferred
- https://github.com/EnginDemirbilek/EnginDemirbilek.github.io/blob/master/centreon-19.10-rce.html x_transferred
- https://github.com/centreon/centreon/pull/8467 x_transferred
- https://github.com/centreon/centreon/compare/19.04.13...19.04.15 x_transferred