Critical severity (can fully compromise system)

Vulnerability in IT infrastructure software Centreon allows remote attackers to execute arbitrary commands via shell metacharacters

Severity: critical

Affects:
Centreon 2.5.1
Centreon Enterprise Server 2.2

www/include/views/graphs/graphStatus/displayServiceStatus.php in Centreon 2.5.1 and Centreon Enterprise Server 2.2 allows remote attackers to execute arbitrary commands via shell metacharacters in the (1) session_id or (2) template_id parameter, related to the command_line variable.

The remote command injection can be performed by an anonymous, non-authenticated attacker.

RECOMMENDATION

A patch has not been released yet. 

In the meantime, it is highly recommended that this component be deleted.
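
The following added example (not part of the advisory and not Centreon code) scans web access logs for requests to displayServiceStatus.php whose session_id or template_id value contains shell metacharacters. The log layout, the metacharacter set, the /centreon URL prefix and the sample lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import parse_qsl, unquote, urlsplit

# Script and parameter names are taken from the advisory.
TARGET = "displayServiceStatus.php"
PARAMS = {"session_id", "template_id"}
# Assumption: characters a POSIX shell treats specially, plus whitespace.
SHELL_META = re.compile(r"[;|&`$(){}<>\\'\"!*?\s]")
# Assumption: Apache/nginx "combined" access-log layout.
REQUEST = re.compile(r'^(?P<ip>\S+) .*?"[A-Z]+ (?P<uri>\S+) HTTP/[\d.]+"')


def suspicious_params(uri):
    """Return the watched parameters whose decoded value holds a shell metacharacter."""
    parts = urlsplit(uri)
    if not parts.path.endswith("/" + TARGET):
        return []
    hits = set()
    for name, value in parse_qsl(parts.query, keep_blank_values=True):
        # parse_qsl decodes once; unquote again to catch double encoding (%253B).
        if name in PARAMS and SHELL_META.search(value + unquote(value)):
            hits.add(name)
    return sorted(hits)


def scan(lines):
    """Return (client_ip, uri, params) for every log line that matches."""
    found = []
    for line in lines:
        m = REQUEST.match(line)
        params = suspicious_params(m.group("uri")) if m else []
        if params:
            found.append((m.group("ip"), m.group("uri"), params))
    return found


# Constructed sample lines (not real traffic); CMD is a placeholder, /centreon an assumed prefix.
BASE = "/centreon/include/views/graphs/graphStatus/displayServiceStatus.php"
SAMPLE_LOG = [
    f'192.0.2.10 - - [01/Jan/2015:10:00:00 +0000] "GET {BASE}?session_id=a1b2c3&template_id=4 HTTP/1.1" 200 512',
    f'192.0.2.66 - - [01/Jan/2015:10:00:05 +0000] "GET {BASE}?session_id=a1b2c3%3BCMD&template_id=4 HTTP/1.1" 200 0',
    f'192.0.2.67 - - [01/Jan/2015:10:00:09 +0000] "GET {BASE}?session_id=a1b2c3&template_id=4%257CCMD HTTP/1.1" 200 0',
    '192.0.2.10 - - [01/Jan/2015:10:00:12 +0000] "GET /centreon/main.php?p=1%3B HTTP/1.1" 200 900',
]

if __name__ == "__main__":
    for ip, uri, params in scan(SAMPLE_LOG):
        print(f"{ip} sent shell metacharacters in {params}: {uri}")
```

Access logs normally record only the query string, so parameters delivered in a POST body need request-body logging or a WAF rule to be seen.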