Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
The escape_command function in include/Administration/corePerformance/getStats.php in Centreon (formerly Merethis Centreon) 2.5.4 and earlier (fixed in Centreon 19.10.0) uses an incorrect regular expression, which allows remote authenticated users to execute arbitrary commands via shell metacharacters in the ns_id parameter.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Centreon 命令注入漏洞
Vulnerability Description
Centreon(Merethis Centreon)是一套需要与Nagios搭配使用的开源IT监控软件。该软件通过网页(Web)管理Nagios,以及通过第三方组件实现对网络、操作系统和应用程序的监控。 Centreon 2.5.4及之前版本的include/Administration/corePerformance/getStats.php脚本中的‘escape_command’函数存在命令注入漏洞,该漏洞源于程序使用不正确的正则表达式。远程攻击者可借助‘ns_id’参数中的shell元字符利用该漏
CVSS Information
N/A
Vulnerability Type
N/A