Merethis Centreon – Unauthenticated blind SQLi and Authenticated Remote Command Execution

Posted by Dau, Huy-Ngoc (FR – Paris) on Jul 10

CVEs: CVE-2015-1560, CVE-2015-1561

Vendor: Merethis – www.centreon.com
Product: Centreon
Version affected: 2.5.4 and prior

Product description:
Centreon is the choice of some of the world’s largest companies and mission-critical organizations for real-time IT
performance monitoring and diagnostics management. (from https://www.centreon.com/en/)…