CVE-2014-3829

displayServiceStatus.php in Centreon 2.5.1 and Centreon Enterprise Server 2.2 (fixed in Centreon web 2.5.3) allows remote attackers to execute arbitrary commands via shell metacharacters in the (1) session_id or (2) template_id parameter, related to the command_line variable.

Published: Oct 23, 2014
Updated: Apr 13, 2023
CVE: CVE-2014-3829
Severity: High
Exploit:

CVSS v2:

Severity: High
Score: 10
AV:N/AC:L/Au:N/C:C/I:C/A:C

CWEs:

CWE-94

Affected Software
References

Software	From	Fixed in
merethis / centreon	2.5.1	2.5.1.x
merethis / centreon_enterprise_server	2.2	2.2.x

http://seclists.org/fulldisclosure/2014/Oct/78
http://www.kb.cert.org/vuls/id/298796
https://documentation.centreon.com/docs/centreon/en/latest/release_notes/centreon-2.5/centreon-2.5.3.html
https://github.com/centreon/centreon/commit/cc2109804dd69057cb209037113796ec5ffdce90#diff-e328097503b14fbb117e0db798aefcde

Vulnerability Database

289,697

CVE-2014-3829