Remote Code Execution via Macro Expression Location Settings in Centreon Web

Remote Code Execution via Macro Expression Location Settings in Centreon Web

CVE-2019-16405 · HIGH Severity

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Centreon Web before 2.8.30, 18.10.x before 18.10.8, 19.04.x before 19.04.5 and 19.10.x before 19.10.2 allows Remote Code Execution by an administrator who can modify Macro Expression location settings. CVE-2019-16405 and CVE-2019-17501 are similar to one another and may be the same.

Learn more about our Web App Pen Testing.