CVE-2011-4431

Published: Nov 10, 2011Modified: Apr 29, 2026

6.5

Vector

AV:N/AC:L/Au:S/C:P/I:P/A:P

Exploitability: 8.0 / Impact: 6.4

Source: NVD

Description

Directory traversal vulnerability in main.php in Merethis Centreon before 2.3.2 allows remote authenticated users to execute arbitrary commands via a .. (dot dot) in the command_name parameter.

Affected (45)

Products: Merethis: Centreon

Merethis

1 product

Centreon

Configuration A

45 vulnerable

Vulnerable Software	Affected Versions
Merethis Centreon	Up to 2.3.1
Merethis Centreon	Version 1.4.1
Merethis Centreon	Version 1.4.2.1
Merethis Centreon	Version 1.4.2.2
Merethis Centreon	Version 1.4.2.3
Merethis Centreon	Version 1.4.2.4
Merethis Centreon	Version 1.4.2.5
Merethis Centreon	Version 1.4.2.6
Merethis Centreon	Version 1.4.2.7
Merethis Centreon	Version 1.4.2
Merethis Centreon	Version 1.4
Merethis Centreon	Version 2.0.1
Merethis Centreon	Version 2.0.2
Merethis Centreon	Version 2.0 b2
Merethis Centreon	Version 2.0 b3
Merethis Centreon	Version 2.0 b4
Merethis Centreon	Version 2.0 b5
Merethis Centreon	Version 2.0 b6
Merethis Centreon	Version 2.0 rc1
Merethis Centreon	Version 2.0 rc2
Merethis Centreon	Version 2.0 rc3
Merethis Centreon	Version 2.0 rc4
Merethis Centreon	Version 2.0 rc5
Merethis Centreon	Version 2.1.0
Merethis Centreon	Version 2.1.10
Merethis Centreon	Version 2.1.11
Merethis Centreon	Version 2.1.12
Merethis Centreon	Version 2.1.13
Merethis Centreon	Version 2.1.1
Merethis Centreon	Version 2.1.2
Merethis Centreon	Version 2.1.3
Merethis Centreon	Version 2.1.4
Merethis Centreon	Version 2.1.5
Merethis Centreon	Version 2.1.6
Merethis Centreon	Version 2.1.7
Merethis Centreon	Version 2.1.8
Merethis Centreon	Version 2.1.9
Merethis Centreon	Version 2.2.1
Merethis Centreon	Version 2.2.2
Merethis Centreon	Version 2.2
Merethis Centreon	Version 2.2 b1
Merethis Centreon	Version 2.2 rc1
Merethis Centreon	Version 2.2 rc2
Merethis Centreon	Version 2.3.0
Merethis Centreon	Version 2.3.0 rc3

Related CWEs

CWE-22

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.

References (4)

http://securityreason.com/securityalert/8530

Source: cve@mitre.org

https://www.trustwave.com/spiderlabs/advisories/TWSL2011-017.txt

Source: cve@mitre.org

Exploit

http://securityreason.com/securityalert/8530

Source: af854a3a-2127-422b-91ae-364da2661108

https://www.trustwave.com/spiderlabs/advisories/TWSL2011-017.txt

Source: af854a3a-2127-422b-91ae-364da2661108

Exploit

Timeline

No history available yet.