centreon/centreon serves its API without requiring authentication. Various web services were fully accessible through external.php,
which would allow an unauthenticated attacker to perform actions on the server.
documentation.centreon.com/docs/centreon/en/19.04/release_notes/centreon-19.04/centreon-19.04.5.html
documentation.centreon.com/docs/centreon/en/latest/release_notes/centreon-18.10.html#centreon-web-18-10-8
documentation.centreon.com/docs/centreon/en/latest/release_notes/centreon-19.04.html#centreon-web-19-04-5
documentation.centreon.com/docs/centreon/en/latest/release_notes/centreon-19.10.html#centreon-web-19-10-2
documentation.centreon.com/docs/centreon/en/latest/release_notes/centreon-19.10/index.html
github.com/centreon/centreon/pull/8021