exploitDog

CVE-2020-9463

Опубликовано: 28 фев. 2020

Источник: nvd

CVSS3: 8.8

CVSS2: 9

EPSS Низкий

Описание

Centreon 19.10 allows remote authenticated users to execute arbitrary OS commands via shell metacharacters in the server_ip field in JSON data in an api/internal.php?object=centreon_configuration_remote request.

Ссылки

https://code610.blogspot.com/2020/02/postauth-rce-in-centreon-1910.html
Exploit
Third Party Advisory
https://code610.blogspot.com/2020/02/postauth-rce-in-centreon-1910.html
Exploit
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:centreon:centreon:19.10:*:*:*:*:*:*:*

EPSS

Процентиль: 88%

0.03829

Низкий

8.8 High

CVSS3

9 Critical

CVSS2

Дефекты

CWE-78

Связанные уязвимости

GHSA-rp7r-wpfq-pr77

github

больше 3 лет назад

Centreon 19.10 allows remote authenticated users to execute arbitrary OS commands via shell metacharacters in the server_ip field in JSON data in an api/internal.php?object=centreon_configuration_remote request.

EPSS

Процентиль: 88%

0.03829

Низкий

8.8 High

CVSS3

9 Critical

CVSS2

Дефекты

CWE-78