Code injection

2019-10-0813:15:00

PRIOn knowledge base

www.prio-n.com

8.8 High

AI Score

Confidence

High

0.003 Low

EPSS

Percentile

66.0%

getStats.php in Centreon Web before 2.8.28 allows authenticated attackers to execute arbitrary code via the ns_id parameter.

CPENameOperatorVersion
centreon_webge2.8
centreon_weblt2.8.28
centreon_webge18.10.0
centreon_weblt18.10.5

Name	Operator	Version
centreon_web	ge	2.8
centreon_web	lt	2.8.28
centreon_web	ge	18.10.0
centreon_web	lt	18.10.5

References

www.openwall.com/lists/oss-security/2019/10/09/2

github.com/centreon/centreon/pull/7083

github.com/centreon/centreon/pull/7271

www.openwall.com/lists/oss-security/2019/10/08/1