4 matches found
Command Injection in Centreon
Centreon before 19.04.15 allows remote attackers to execute arbitrary OS commands by placing shell metacharacters in RRDdatabasestatuspath via a main.get.php request and then visiting the include/views/graphs/graphStatus/displayServiceStatus.php page...
CVE-2020-13252
Centreon before 19.04.15 allows remote attackers to execute arbitrary OS commands by placing shell metacharacters in RRDdatabasestatuspath via a main.get.php request and then visiting the include/views/graphs/graphStatus/displayServiceStatus.php page...
Centreon < 2.5.3 Multiple Vulnerabilities
According to its version number, the Centreon application hosted on the remote web server is affected by multiple vulnerabilities : - Multiple unauthenticated SQL injection vulnerabilities. CVE-2014-3828 - A remote, unauthenticated command injection vulnerability in the 'sessionid' and 'templatei...
Centreon SQL and Command Injection
This module exploits several vulnerabilities on Centreon 2.5.1 and prior and Centreon Enterprise Server 2.2 and prior. Due to a combination of SQL injection and command injection in the displayServiceStatus.php component, it is possible to execute arbitrary commands as long as there is a valid...