PT-2020-10168 · Centreon · Centreon

Published: 2020-03-20 · Updated: 2020-03-23 · CVE-2019-19484

CVSS v3.1: 6.1 (Medium)

Vector: AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Name of the Vulnerable Software and Affected Versions: Centreon versions 19.04.4 and below
Description: The issue allows an attacker to craft a payload and execute unintended behavior via an open redirect in the login.php file. Additionally, command injection is possible via a plugin test in the minPlayCommand.php file.
Recommendations: For Centreon versions 19.04.4 and below, consider disabling the login.php and minPlayCommand.php files until a patch is available, to prevent open redirect and command injection attacks. Avoid using the parameter p in the login.php file until the issue is resolved. Restrict access to the minPlayCommand.php file to minimize the risk of command injection exploitation.

Exploit

Fix

Open Redirect


Weakness Enumeration

Related Identifiers

CVE-2019-19484

Affected Products

Centreon