GHSA-c4fj-3wqq-g9c9

Source
https://github.com/advisories/GHSA-c4fj-3wqq-g9c9
Import Source
https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-c4fj-3wqq-g9c9/GHSA-c4fj-3wqq-g9c9.json
JSON Data
https://api.osv.dev/v1/vulns/GHSA-c4fj-3wqq-g9c9
Aliases
  • CVE-2015-1561
Published
2022-05-14T00:55:18Z
Modified
2024-02-16T08:15:44.533830Z
Severity
  • 8.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H
Summary
Centreon Command Injection
Details

The escape_command function in include/Administration/corePerformance/getStats.php in Centreon (formerly Merethis Centreon) 2.5.4 and earlier (offending file deleted in Centreon 19.10.0) uses an incorrect regular expression, which allows remote authenticated users to execute arbitrary commands via shell metacharacters in the ns_id parameter.

Affected packages

Packagist / centreon/centreon

Package

Name
centreon/centreon
Purl
pkg:composer/centreon/centreon

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (unknown introduced version; all previous versions are affected)
Fixed
2.8.28

Affected versions

2.*

2.7.3