centreon/centreon is vulnerable to open redirection. A hidden parameter p
allows an attacker to add additional URL parameters using the URL encoded &
character and redirect users to an arbitrary page. This vulnerability can be leveraged to execute arbitrary code on the system when a privileged user is tricked into visiting a link containing the malicious payload in the URL.
CPE | Name | Operator | Version |
---|---|---|---|
centreon/centreon | le | 19.10.8 |