Unauthenticated Remote Command Execution in Centreon Web Interface
==================================================================

Description
===========

Centreon is a popular monitoring solution. A critical vulnerability has been found in the Centreon logging class that allows remote users to execute arbitrary commands.

SQL injection leading to RCE
============================

Centreon logs SQL database errors to a log file using the "echo" system command, invoked through the PHP exec() function. In the authentication class, Centreon uses htmlentities() with the ENT_QUOTES option to filter SQL entities. However, Centreon does not filter the SQL escape character "\", so it is possible to trigger an SQL error. Because the error text is then passed to the "echo" system command through exec() without sanitization, it is possible to inject arbitrary system commands.

**Access Vector**: remote
**Security Risk**: high
**Vulnerability**: CWE-78
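The logging pattern described above, as an added example that is not Centreon's code: the insecure exec()-based logger next to a hardened replacement that writes the file directly, plus a check showing that htmlentities() with ENT_QUOTES leaves a backslash untouched. Function names, the log path and the sample error text are assumptions.

```php
<?php
// Added example (not Centreon's code): a minimal SQL-error logger in the
// shape the advisory describes, beside a hardened replacement. Function
// names, the log file and the sample message are assumptions.

// Vulnerable shape: the error text is handed to /bin/sh via exec().
// htmlentities(ENT_QUOTES) rewrites quotes and angle brackets into HTML
// entities, but the shell also interprets backslash, $, ;, | and backticks,
// none of which htmlentities() touches. Kept only as the "before" form;
// it is never called here.
function logSqlErrorVulnerable(string $logFile, string $errorText): void
{
    $filtered = htmlentities($errorText, ENT_QUOTES);
    exec('echo "' . $filtered . '" >> ' . $logFile);
}

// Hardened: append to the file directly. No shell is involved, so shell
// metacharacters in the message are inert data. Line breaks are folded so
// a message cannot forge extra log records. If a shell were unavoidable,
// every argument would have to go through escapeshellarg() instead.
function logSqlErrorSafe(string $logFile, string $errorText): void
{
    $line = date('c') . ' ' . str_replace(["\r", "\n"], ' ', $errorText) . PHP_EOL;
    file_put_contents($logFile, $line, FILE_APPEND | LOCK_EX);
}

// Check: a constructed MySQL-style error text that contains the escape
// character. Report whether the backslash survives the page's filter.
$sample   = "You have an error in your SQL syntax near '\\' at line 1";
$filtered = htmlentities($sample, ENT_QUOTES);
printf("backslash survives htmlentities(ENT_QUOTES): %s\n",
       strpos($filtered, '\\') !== false ? 'yes' : 'no');

// Run the hardened logger: the message is stored verbatim, not executed.
$log = tempnam(sys_get_temp_dir(), 'sqlerr');
logSqlErrorSafe($log, $sample);
echo file_get_contents($log);
unlink($log);
```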