CVE-2011-4431

Directory traversal vulnerability in main.php in Merethis Centreon before 2.3.2 allows remote authenticated users to execute arbitrary commands via a .. (dot dot) in the command_name parameter.

Published: Nov 10, 2011
Updated: Apr 13, 2023
CVE: CVE-2011-4431
Severity: Medium
Exploit:

CVSS v2:

Severity: Medium
Score: 6.5
AV:N/AC:L/Au:S/C:P/I:P/A:P

CWEs:

CWE-22

OWASP TOP 10:

A5 - Broken Access Control

Affected Software
References

Software	From	Fixed in
merethis / centreon	2.1.7	2.1.7.x
merethis / centreon	2.3.0-rc3	2.3.0-rc3.x
merethis / centreon	2.1.9	2.1.9.x
merethis / centreon	2.0-rc5	2.0-rc5.x
merethis / centreon	1.4.2.4	1.4.2.4.x
merethis / centreon	1.4.2.1	1.4.2.1.x
merethis / centreon	1.4.2.5	1.4.2.5.x
merethis / centreon	2.2-rc1	2.2-rc1.x
merethis / centreon	2.2-rc2	2.2-rc2.x
merethis / centreon	2.1.3	2.1.3.x
merethis / centreon	1.4.2	1.4.2.x
merethis / centreon	1.4.2.3	1.4.2.3.x
merethis / centreon	2.2.2	2.2.2.x
merethis / centreon	2.1.2	2.1.2.x
merethis / centreon	2.0-rc4	2.0-rc4.x
merethis / centreon	2.1.0	2.1.0.x
merethis / centreon	2.0-rc2	2.0-rc2.x
merethis / centreon	2.1.4	2.1.4.x
merethis / centreon	1.4.2.2	1.4.2.2.x
merethis / centreon	2.1.11	2.1.11.x
merethis / centreon	2.0-rc3	2.0-rc3.x
merethis / centreon	2.1.10	2.1.10.x
merethis / centreon	2.1.13	2.1.13.x
merethis / centreon	1.4	1.4.x
merethis / centreon	2.2	2.2.x
merethis / centreon	2.0-b4	2.0-b4.x
merethis / centreon	2.1.6	2.1.6.x
merethis / centreon	2.1.5	2.1.5.x
merethis / centreon	2.0-b3	2.0-b3.x
merethis / centreon	2.0-b6	2.0-b6.x
merethis / centreon	2.2-b1	2.2-b1.x
merethis / centreon	2.1.12	2.1.12.x
merethis / centreon	2.0.1	2.0.1.x
merethis / centreon	1.4.2.6	1.4.2.6.x
merethis / centreon	2.0-rc1	2.0-rc1.x
merethis / centreon	1.4.1	1.4.1.x
merethis / centreon	2.3.0	2.3.0.x
merethis / centreon	2.0-b5	2.0-b5.x
merethis / centreon	2.0.2	2.0.2.x
merethis / centreon	2.1.8	2.1.8.x
merethis / centreon	2.1.1	2.1.1.x
merethis / centreon	-	2.3.1.x
merethis / centreon	1.4.2.7	1.4.2.7.x
merethis / centreon	2.0-b2	2.0-b2.x
merethis / centreon	2.2.1	2.2.1.x

Vulnerability Database

289,697

CVE-2011-4431