← Back

CVE-2019-15298

nvd nist
Published: Nov 27, 2019Modified: Nov 21, 2024

JSON object

Loading...
8.8
Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Exploitability: 2.8 / Impact: 5.9
Source: NVD

Description

A problem was found in Centreon Web through 19.04.3. An authenticated command injection is present in the page include/configuration/configObject/traps-mibs/formMibs.php. This page is called from the Centreon administration interface. This is the mibs management feature that contains a file filing form. At the time of submission of a file, the mnftr parameter is sent to the page and is not filtered properly. This allows one to inject Linux commands directly.

Affected (4)

Centreon
1 product
Centreon Web
Configuration A
4 vulnerable
Vulnerable SoftwareAffected Versions
Centreon
Centreon Web
From 18.10.0 to 18.10.8
Centreon Web
From 19.04.0 to 19.04.5
Centreon Web
From 19.10.0 to 19.10.2
Centreon Web
From 2.8.1 to 2.8.30

Related CWEs

CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
The product constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component.

References (6)

Source: cve@mitre.org
Release NotesThird Party Advisory
Source: cve@mitre.org
Third Party Advisory
Source: cve@mitre.org
Not Applicable
Source: af854a3a-2127-422b-91ae-364da2661108
Release NotesThird Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Not Applicable

Timeline

No history available yet.