Vendor / product: Centreon (CPE: a:centreon:centreon)
Category: SQL injection leading to RCE
Author: Nicolas Chatelain
Year: 2019
Severity: HIGH (CVSS 9)
Related CWE: CWE-78
Affected versions: Centreon versions prior to 19.04.1
Patch exists: YES (fixed in Centreon 19.04.1)
Platform: Linux
Tags: N/A
CVSS metrics: N/A
Nuclei references: N/A
Nuclei metadata: N/A

Unauthenticated Remote Command Execution in Centreon Web Interface

A critical vulnerability has been found in the Centreon logging class allowing remote users to execute arbitrary commands. Centreon logs SQL database errors to a log file using the "echo" system command and the PHP exec() function. In the authentication class, Centreon uses htmlentities() with the ENT_QUOTES option to filter SQL entities. However, Centreon doesn't filter the SQL escape character "\", so it is possible to generate an SQL error. Because of the use of the "echo" system command with the PHP exec() function, and because of the lack of sanitization, it is possible to inject arbitrary system commands.
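The logging pattern the advisory describes, placed next to two hardened forms, as an added illustration that is not Centreon's code (function names and the sample error text are constructed for this example):

```php
<?php
// Added illustration, not Centreon's code. Function names are hypothetical.

// Vulnerable pattern: the database error text is embedded in a double-quoted
// shell string and handed to exec(). htmlentities() with ENT_QUOTES encodes
// quotes and angle brackets for HTML output, but leaves shell metacharacters
// such as backslash, "$" and backticks untouched, so the shell still
// interprets them. The command is returned as a string for inspection only
// and is never executed here.
function buildLogCommandVulnerable(string $logFile, string $dbError): string
{
    $filtered = htmlentities($dbError, ENT_QUOTES);
    return 'echo "' . $filtered . '" >> ' . $logFile;
}

// Hardened pattern 1: keep the shell out of it entirely. PHP can append to
// the log file itself, so the error text is only ever treated as data.
function appendToLogSafe(string $logFile, string $dbError): bool
{
    $line = date('c') . ' ' . str_replace(["\r", "\n"], ' ', $dbError) . PHP_EOL;
    return file_put_contents($logFile, $line, FILE_APPEND | LOCK_EX) !== false;
}

// Hardened pattern 2 (only if a shell command is unavoidable): pass every
// untrusted value through escapeshellarg(), which single-quotes it and
// escapes embedded single quotes so nothing inside is interpreted.
function buildLogCommandSafe(string $logFile, string $dbError): string
{
    return 'echo ' . escapeshellarg($dbError) . ' >> ' . escapeshellarg($logFile);
}

// Constructed sample error text containing a backslash and a double quote,
// the characters the advisory singles out.
$sample = 'You have an error in your SQL syntax near \'\\"\' at line 1';
echo buildLogCommandVulnerable('/tmp/sql-error.log', $sample), PHP_EOL;
echo buildLogCommandSafe('/tmp/sql-error.log', $sample), PHP_EOL;
appendToLogSafe('/tmp/sql-error.log', $sample);
```

Comparing the two printed command strings shows that the htmlentities() version still contains the raw backslash inside a double-quoted shell string, while the escapeshellarg() version wraps the whole message in single quotes; the file_put_contents() version is the preferred fix because it removes exec() from the logging path altogether.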

Mitigation:

Upgrade to Centreon version 19.04.1 or later.