Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
6.5
CVSSv2

CVE-2015-1561

Published: 14/07/2015 Updated: 30/07/2019
CVSS v2 Base Score: 6.5 | Impact Score: 6.4 | Exploitability Score: 8
VMScore: 656
Vector: AV:N/AC:L/Au:S/C:P/I:P/A:P
Subscribe to Centreon

Vulnerability Summary

The escape_command function in include/Administration/corePerformance/getStats.php in Centreon (formerly Merethis Centreon) 2.5.4 and previous versions (fixed in Centreon 19.10.0) uses an incorrect regular expression, which allows remote authenticated users to execute arbitrary commands via shell metacharacters in the ns_id parameter.

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

centreon centreon

Exploits

Exploit DB: Centreon 2.5.4 - Multiple Vulnerabilities
Merethis Centreon - Unauthenticated blind SQLi and Authenticated Remote Command Execution CVEs: CVE-2015-1560, CVE-2015-1561 Vendor: Merethis - wwwcentreoncom Product: Centreon Version affected: 254 and prior Product description: Centreon is the choice of some of the world's largest companies and mission-critical organizations for real-time ...
Exploit DB: Merethis Centreon 2.5.4 SQL Injection / Remote Command Execution
Merethis Centreon versions 254 and below suffer from remote SQL injection and command execution vulnerabilities ...

Github Repositories

https://github.com/iojymbo/Public-Exploits

A curated list of my functional exploits...

Public-Exploits A curated list of my functional exploits About Public exploits (re)writed for learning purpose or pentesting / red teaming assessments Contents Centreon Centreon Web CVE-2015-1560, CVE-2015-1561 | Centreon Web Time-Based Blind SQLi to RCE Fortinet Fortigate CVE-2018-13379 | Fortigate SSL-VPN Credentials Stealer CVE-2018-13382 | Fortigate SSL-VPN

https://github.com/iojymbo/public-exploits

A curated list of my functional exploits...

Public-Exploits A curated list of my functional exploits About Public exploits (re)writed for learning purpose or pentesting / red teaming assessments Contents Centreon Centreon Web CVE-2015-1560, CVE-2015-1561 | Centreon Web Time-Based Blind SQLi to RCE Fortinet Fortigate CVE-2018-13379 | Fortigate SSL-VPN Credentials Stealer CVE-2018-13382 | Fortigate SSL-VPN

https://github.com/Iansus/Centreon-CVE-2015-1560_1561

A little Python tool for exploiting CVE-2015-1560 and CVE-2015-1561. Quick'n'dirty. Real dirty.

Centreon-CVE-2015-1560_1561 A little Python tool for exploiting CVE-2015-1560 and CVE-2015-1561 on Centreon <= 254 Quick'n'dirty Real dirty

References

CWE-77http://packetstormsecurity.com/files/132607/Merethis-Centreon-2.5.4-SQL-Injection-Remote-Command-Execution.htmlhttps://forge.centreon.com/projects/centreon/repository/revisions/387dffdd051dbc7a234e1138a9d06f3089bb55bbhttp://www.securityfocus.com/archive/1/535961/100/0/threadedhttps://github.com/centreon/centreon/commit/a78c60aad6fd5af9b51a6d5de5d65560ea37a98a#diff-27550b563fa8d660b64bca871a219cb1https://nvd.nist.govhttps://www.exploit-db.com/exploits/37528/https://github.com/iojymbo/Public-Exploits
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-21111CVE-2024-32884IDORCVE-2023-1000CVE-2024-33260CVE-2024-3682reflected XSSrace conditionCVE-2024-3400
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook