CVE-2015-1561

Name of the Vulnerable Software and Affected Versions Centreon versions 2.5.4 and earlier

Description The issue arises from an incorrect regular expression used in the escape command function, located in the include/Administration/corePerformance/getStats.php file. This allows remote authenticated users to execute arbitrary commands via shell metacharacters in the ns id parameter.

Recommendations For Centreon versions 2.5.4 and earlier, update to Centreon 19.10.0 or later, where the offending file has been deleted, thus resolving the issue. As a temporary workaround, consider restricting access to the getStats.php file to minimize the risk of exploitation. Avoid using the ns id parameter in the affected API endpoint until the issue is resolved.