Posted by Sysdream Labs on Feb 25

Unauthenticated Remote Command Execution in Centreon Web Interface
==================================================================

Description
===========

Centreon is a popular monitoring solution.

A critical vulnerability has been found in the Centreon logging class
allowing remote users to execute arbitrary commands.

SQL injection leading to RCE
============================

Centreon logs SQL database errors in a log file using the…