Centreon · Centreon Enterprise Server · CVE-2014-3828
**Name of the Vulnerable Software and Affected Versions**
Centreon versions 2.5.1 through 2.5.2
Centreon Enterprise Server version 2.2
**Description**
Multiple SQL injection vulnerabilities allow remote attackers to execute arbitrary SQL commands. This can be achieved via several parameters, including the `index_id` parameter to "views/graphs/common/makeXML_ListMetrics.php", the `sid` parameter to "views/graphs/GetXmlTree.php", the `session_id` parameter to "views/graphs/graphStatus/displayServiceStatus.php", the `mnftr_id` parameter to "configuration/configObject/traps/GetXMLTrapsForVendor.php", or the `index` parameter to "common/javascript/commandGetArgs/cmdGetExample.php" in include/.
**Recommendations**
For Centreon versions 2.5.1 through 2.5.2, update to Centreon web 2.5.3.
For Centreon Enterprise Server version 2.2, update to a release that includes the fix; this advisory does not name the specific fixed version.
As a temporary workaround, restrict access to the vulnerable scripts and their parameters (`index_id`, `sid`, `session_id`, `mnftr_id`, and `index`) until the patch can be applied.
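As an added example, not part of this advisory or of Centreon's own code, the following Python scans constructed web-server access-log lines for requests to the five scripts listed above whose named parameter carries SQL metacharacters or keywords, which is one way to check whether an unpatched instance is being probed; the `/centreon/include/` prefix in the sample lines is an assumed deployment path.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Script -> parameter pairs exactly as the CVE-2014-3828 advisory lists them (relative to include/).
VULNERABLE_ENDPOINTS = {
    "views/graphs/common/makeXML_ListMetrics.php": "index_id",
    "views/graphs/GetXmlTree.php": "sid",
    "views/graphs/graphStatus/displayServiceStatus.php": "session_id",
    "configuration/configObject/traps/GetXMLTrapsForVendor.php": "mnftr_id",
    "common/javascript/commandGetArgs/cmdGetExample.php": "index",
}

# Minimal common-log-format parser: client address, request line, status code.
LOG_RE = re.compile(r'^(?P<client>\S+) \S+ \S+ \[[^\]]+\] "(?P<method>\S+) (?P<target>\S+) [^"]*" (?P<status>\d{3})')

# Quote characters, comment markers and SQL keywords that a legitimate id/session value never contains.
SUSPICIOUS = re.compile(r"['\"]|--|/\*|\b(union|select|sleep|benchmark)\b", re.IGNORECASE)

def inspect_request(target):
    """Return (script, param, decoded value) when the request targets a listed script and its
    parameter looks like injection, otherwise None. The deployment prefix before include/ is ignored."""
    parts = urlsplit(target)
    for script, param in VULNERABLE_ENDPOINTS.items():
        if parts.path == script or parts.path.endswith("/" + script):
            # parse_qs percent-decodes, so %27 is inspected as a literal quote.
            for value in parse_qs(parts.query, keep_blank_values=True).get(param, []):
                if SUSPICIOUS.search(value):
                    return (script, param, value)
    return None

def find_hits(log_lines):
    """Return a list of (client, script, param, value) for every suspicious request in the log."""
    hits = []
    for line in log_lines:
        m = LOG_RE.match(line)
        if m is None:
            continue
        found = inspect_request(m.group("target"))
        if found:
            hits.append((m.group("client"),) + found)
    return hits

# Constructed sample log: one benign request per script style, two probes, one unrelated page.
SAMPLE_LOG = [
    '10.0.0.5 - - [10/Oct/2014:12:00:01 +0000] "GET /centreon/include/views/graphs/common/makeXML_ListMetrics.php?index_id=42 HTTP/1.1" 200 512',
    '10.0.0.9 - - [10/Oct/2014:12:00:07 +0000] "GET /centreon/include/views/graphs/common/makeXML_ListMetrics.php?index_id=42%27%20UNION%20SELECT%201 HTTP/1.1" 200 2048',
    '10.0.0.9 - - [10/Oct/2014:12:00:09 +0000] "GET /centreon/include/configuration/configObject/traps/GetXMLTrapsForVendor.php?mnftr_id=3%27-- HTTP/1.1" 200 120',
    '10.0.0.7 - - [10/Oct/2014:12:00:11 +0000] "GET /centreon/main.php?p=1 HTTP/1.1" 200 900',
]

if __name__ == "__main__":
    for client, script, param, value in find_hits(SAMPLE_LOG):
        print(f"{client} -> {script} {param}={value!r}")
```

A match is a trigger for investigation and for confirming the 2.5.3 upgrade, not proof of exploitation, since the log does not show what the database returned.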