CVE-2020-9463

Name of the Vulnerable Software and Affected Versions Centreon version 19.10

Description The issue allows remote authenticated users to execute arbitrary OS commands via shell metacharacters in the server ip field in JSON data in an "api/internal.php?object=centreon configuration remote" request.

Recommendations For Centreon version 19.10, as a temporary workaround, consider restricting access to the "api/internal.php?object=centreon configuration remote" endpoint until a patch is available. Avoid using the server ip field in the affected API endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.