Main Vulnerability Database Exploits ID:5915 - Exploit for Command Injection in Centreon - CVE-2019-13024

ID:5915 - Exploit for Command Injection in Centreon - CVE-2019-13024

Published: June 17, 2021

Vulnerability identifier: #VU35769

Vulnerability risk: High

CVE-ID: CVE-2019-13024

CWE-ID: CWE-77

Exploitation vector: Remote access

Vulnerable software:
Centreon

Link to public exploit:

https://www.exploit-db.com/exploits/47069/

Vulnerability description

The vulnerability allows a remote authenticated user to execute arbitrary code.

Centreon 18.x before 18.10.6, 19.x before 19.04.3, and Centreon web before 2.8.29 allows the attacker to execute arbitrary system commands by using the value "init_script"-"Monitoring Engine Binary" in main.get.php to insert a arbitrary command into the database, and execute it by calling the vulnerable page www/include/configuration/configGenerate/xml/generateFiles.php (which passes the inserted value to the database to shell_exec without sanitizing it, allowing one to execute system arbitrary commands).

Remediation

Install update from vendor's website.

ID:5915 - Exploit for Command Injection in Centreon - CVE-2019-13024

Link to public exploit:

Vulnerability description

Remediation

Please verify you're human