Centreon before 19.04.15 allows remote attackers to execute arbitrary OS commands by placing shell metacharacters in RRDdatabasestatuspath (via a main.get.php request) and then visiting the include/views/graphs/graphStatus/displayServiceStatus.php page.
{
"github_reviewed_at": "2021-05-20T22:17:17Z",
"cwe_ids": [
"CWE-78"
],
"github_reviewed": true,
"nvd_published_at": "2020-05-21T04:15:00Z",
"severity": "HIGH"
}