/graphStatus/displayServiceStatus.php in Centreon 19.10.8 allows remote attackers to execute arbitrary OS commands via shell metacharacters in the RRDdatabase_path parameter.
References
Link | Resource |
---|---|
https://engindemirbilek.github.io/centreon-19.10-rce | Exploit Third Party Advisory |
https://github.com/centreon/centreon/pull/8467#event-3163627607 | Patch Third Party Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: mitre
Published: 2021-08-18T20:21:28
Updated: 2021-08-18T20:21:28
Reserved: 2020-08-13T00:00:00
Link: CVE-2020-22345
JSON object: View
NVD Information
Status : Analyzed
Published: 2021-08-18T21:15:06.850
Modified: 2021-08-25T19:04:11.613
Link: CVE-2020-22345
JSON object: View
Redhat Information
No data.
CWE