CVE-2014-3829 Information

Description

displayServiceStatus.php in Centreon 2.5.1 and Centreon Enterprise Server 2.2 (fixed in Centreon web 2.5.3) allows remote attackers to execute arbitrary commands via shell metacharacters in the (1) session_id or (2) template_id parameter related to the command_line variable.

Reference

http://seclists.org/fulldisclosure/2014/Oct/78 http://www.kb.cert.org/vuls/id/298796 https://documentation.centreon.com/docs/centreon/en/latest/release_notes/centreon-2.5/centreon-2.5.3.html https://github.com/centreon/centreon/commit/cc2109804dd69057cb209037113796ec5ffdce90diff-e328097503b14fbb117e0db798aefcde