Short Name | HTTP:CTS:CENTREON-FRMPHP-CMDINJ
Severity | Minor
Recommended | No
Recommended Action | Drop
Category | HTTP
Keywords | Centreon formMibs Command Injection
Release Date | 2020/03/03
Update Number | 3259
Supported Platforms | idp-4.0+, isg-3.0+, j-series-9.5+, mx-11.4+, srx-12.1+, srx-branch-12.1+, vmx-17.4+, vsrx-12.1+, vsrx3bsd-18.2+
HTTP: Centreon formMibs Command Injection
This signature detects attempts to exploit a known vulnerability in the Centreon Web application. A successful attack can lead to command injection and arbitrary code execution.
Extended Description
A problem was found in Centreon Web through 19.04.3. An authenticated command injection is present in the page include/configuration/configObject/traps-mibs/formMibs.php. This page is called from the Centreon administration interface and implements the MIBs management feature, which contains a file upload form. When a file is submitted, the mnftr parameter is sent to the page and is not filtered properly, which allows Linux commands to be injected directly.
Affected Products
- Centreon centreon_web 18.10.0
- Centreon centreon_web 18.10.1
- Centreon centreon_web 18.10.2
- Centreon centreon_web 18.10.3
- Centreon centreon_web 18.10.4
- Centreon centreon_web 18.10.5
- Centreon centreon_web 18.10.6
- Centreon centreon_web 18.10.7
- Centreon centreon_web 19.04.0
- Centreon centreon_web 19.04.1
- Centreon centreon_web 19.04.2
- Centreon centreon_web 19.04.3
- Centreon centreon_web 19.04.4
- Centreon centreon_web 19.10.0
- Centreon centreon_web 19.10.1
- Centreon centreon_web 2.8.1
- Centreon centreon_web 2.8.10
- Centreon centreon_web 2.8.11
- Centreon centreon_web 2.8.12
- Centreon centreon_web 2.8.13
- Centreon centreon_web 2.8.14
- Centreon centreon_web 2.8.15
- Centreon centreon_web 2.8.16
- Centreon centreon_web 2.8.17
- Centreon centreon_web 2.8.18
- Centreon centreon_web 2.8.19
- Centreon centreon_web 2.8.2
- Centreon centreon_web 2.8.20
- Centreon centreon_web 2.8.21
- Centreon centreon_web 2.8.22
- Centreon centreon_web 2.8.23
- Centreon centreon_web 2.8.24
- Centreon centreon_web 2.8.25
- Centreon centreon_web 2.8.26
- Centreon centreon_web 2.8.27
- Centreon centreon_web 2.8.28
- Centreon centreon_web 2.8.29
- Centreon centreon_web 2.8.3
- Centreon centreon_web 2.8.4
- Centreon centreon_web 2.8.5
- Centreon centreon_web 2.8.6
- Centreon centreon_web 2.8.7
- Centreon centreon_web 2.8.8
- Centreon centreon_web 2.8.9
References