
CVE-2011-4431

Published: 10/11/2011 Updated: 14/02/2012
CVSS v2 Base Score: 6.5 | Impact Score: 6.4 | Exploitability Score: 8
VMScore: 655
Vector: AV:N/AC:L/Au:S/C:P/I:P/A:P

Vulnerability Summary

Directory traversal vulnerability in main.php in Merethis Centreon prior to 2.3.2 allows remote authenticated users to execute arbitrary commands via a .. (dot dot) in the command_name parameter.

Vulnerable Product

merethis centreon 1.4

merethis centreon 1.4.2.5

merethis centreon 1.4.2.6

merethis centreon 1.4.2.7

merethis centreon 2.0

merethis centreon 2.1.10

merethis centreon 2.1.11

merethis centreon 2.1.7

merethis centreon 2.1.8

merethis centreon 2.2

merethis centreon 2.3.0

merethis centreon 1.4.2.3

merethis centreon 1.4.2.4

merethis centreon 2.1.0

merethis centreon 2.1.1

merethis centreon 2.1.4

merethis centreon 2.1.5

merethis centreon 2.1.6

merethis centreon 1.4.1

merethis centreon 1.4.2

merethis centreon 2.0.1

merethis centreon 2.0.2

merethis centreon 2.1.12

merethis centreon 2.1.13

merethis centreon 2.1.9

merethis centreon

merethis centreon 1.4.2.1

merethis centreon 1.4.2.2

merethis centreon 2.1.2

merethis centreon 2.1.3

merethis centreon 2.2.1

merethis centreon 2.2.2

Exploits

source: www.securityfocus.com/bid/50568/info

Centreon is prone to a remote command-injection vulnerability. Attackers can exploit this issue to execute arbitrary commands in the context of the application. Centreon 2.3.1 is affected; other versions may also be vulnerable.

www.example.com/centreon/main.php?p=60706&command_name ...