N/A

Centreon 18.x before 18.10.6, 19.x before 19.04.3, and Centreon web before 2.8.29 allows the attacker to execute arbitrary system commands by using the value "init_script"-"Monitoring Engine Binary" in main.get.php to insert a arbitrary command into the database, and execute it by calling the vulnerable page www/include/configuration/configGenerate/xml/generateFiles.php (which passes the inserted value to the database to shell_exec without sanitizing it, allowing one to execute system arbitrary commands).

N/A

N/A

Centreon 命令注入漏洞

Centreon（Merethis Centreon）是一套需要与Nagios搭配使用的开源IT监控软件。该软件通过网页（Web）管理Nagios，以及通过第三方组件实现对网络、操作系统和应用程序的监控。 Centreon V19.04版本中存在命令注入漏洞。该漏洞源于外部输入数据构造可执行命令过程中，网络系统或产品未正确过滤其中的特殊元素。攻击者可利用该漏洞执行非法命令。

N/A

N/A