Описание
minPlayCommand.php in Centreon Web before 2.8.27 allows authenticated attackers to execute arbitrary code via the command_hostaddress parameter. NOTE: some sources have listed CVE-2019-17017 for this, but that is incorrect.
Ссылки
- Mailing ListPatchThird Party Advisory
- ExploitPatchThird Party Advisory
- Mailing ListPatchThird Party Advisory
- Mailing ListPatchThird Party Advisory
- ExploitPatchThird Party Advisory
- Mailing ListPatchThird Party Advisory
Уязвимые конфигурации
Конфигурация 1Версия от 2.8 (включая) до 2.8.27 (исключая)Версия от 18.10.0 (включая) до 18.10.4 (исключая)
Одно из
cpe:2.3:a:centreon:centreon_web:*:*:*:*:*:*:*:*
cpe:2.3:a:centreon:centreon_web:*:*:*:*:*:*:*:*
EPSS
Процентиль: 81%
0.01609
Низкий
8.8 High
CVSS3
6.5 Medium
CVSS2
Дефекты
CWE-78
Связанные уязвимости
CVSS3: 8.8
github
больше 3 лет назад
minPlayCommand.php in Centreon Web before 2.8.27 allows authenticated attackers to execute arbitrary code via the command_hostaddress parameter. NOTE: some sources have listed CVE-2019-17017 for this, but that is incorrect.
EPSS
Процентиль: 81%
0.01609
Низкий
8.8 High
CVSS3
6.5 Medium
CVSS2
Дефекты
CWE-78