CSRF Vulnerability with Remote Command Execution in Centreon Autodiscovery Plugin

CSRF Vulnerability with Remote Command Execution in Centreon Autodiscovery Plugin

CVE-2019-17642 · HIGH Severity

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

An issue was discovered in Centreon before 18.10.8, 19.10.1, and 19.04.2. It allows CSRF with resultant remote command execution via shell metacharacters in a POST to centreon-autodiscovery-server/views/scan/ajax/call.php in the Autodiscovery plugin.

Learn more about our Cis Benchmark Audit For Server Software.