CVE-2014-3829

Name of the Vulnerable Software and Affected Versions Centreon versions 2.5.1 through 2.5.2 Centreon Enterprise Server version 2.2

Description The issue allows remote attackers to execute arbitrary commands via shell metacharacters in the session id or template id parameter, related to the command line variable. This is a command execution issue that can be exploited by sending malicious input to the displayServiceStatus.php script.

Recommendations For Centreon versions 2.5.1 through 2.5.2, update to version 2.5.3 or later to resolve the issue. For Centreon Enterprise Server version 2.2, update to a version that includes the fix for this issue, as the specific fixed version is not provided. As a temporary workaround, consider restricting access to the displayServiceStatus.php script to minimize the risk of exploitation. Avoid using the session id and template id parameters in the displayServiceStatus.php script until the issue is resolved.