Published: 23/10/2014 Updated: 30/07/2019

CVSS v2 Base Score: 10 | Impact Score: 10 | Exploitability Score: 10

VMScore: 1000

Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

displayServiceStatus.php in Centreon 2.5.1 and Centreon Enterprise Server 2.2 (fixed in Centreon web 2.5.3) allows remote malicious users to execute arbitrary commands via shell metacharacters in the (1) session_id or (2) template_id parameter, related to the command_line variable.

Vulnerable Product	Search on Vulmon	Subscribe to Product
merethis centreon 2.5.1
merethis centreon enterprise server 2.2

## # This module requires Metasploit: metasploitcom/download # Current source: githubcom/rapid7/metasploit-framework ## require 'msf/core' class MetasploitModule < Msf::Exploit::Remote Rank = ExcellentRanking include Msf::Exploit::Remote::HttpClient def initialize(info = {}) super(update_info(info, 'Name' ...

Centreon versions 252 and below and Centreon Enterprise Server versions 22 and below and 30 and below suffer from remote SQL injection and remote command injection vulnerabilities ...

CWE-94 http://seclists.org/fulldisclosure/2014/Oct/78 http://www.kb.cert.org/vuls/id/298796 https://documentation.centreon.com/docs/centreon/en/latest/release_notes/centreon-2.5/centreon-2.5.3.html https://github.com/centreon/centreon/commit/cc2109804dd69057cb209037113796ec5ffdce90#diff-e328097503b14fbb117e0db798aefcde https://nvd.nist.gov https://www.exploit-db.com/exploits/41676/

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2014-3829

Vulnerability Summary

Vulnerability Trend

Exploits

References

Vulmon Search

About

Products

Connect