Affecting centreon/centreon package, versions >=19.10.0, <19.10.2 || >=18.10.0, <18.10.8 || >=2.8.0, <2.8.30 || >=19.4.0, <19.4.5
centreon/centreon is a network, system, applicative supervision and monitoring tool.
Affected versions of this package are vulnerable to Command Injection.
An authenticated command injection is present in the page
include/configuration/configObject/traps-mibs/formMibs.php. This page is called from the Centreon administration interface. This is the mibs management feature that contains a file filing form. At the time of submission of a file, the
mnftr parameter is sent to the page and is not filtered properly, allowing injection of commands.
centreon/centreon to version 19.10.2, 18.10.8, 2.8.30, 19.4.5 or higher.