centreon/centreon is vulnerable to remote code execution. An administrator with access to modify the Macro Expression location settings is able to execute arbitrary OS commands on the system through the comments field by changing the Macro Expression value to /.
packetstormsecurity.com/files/155999/Centreon-19.04-Remote-Code-Execution.html
documentation.centreon.com/docs/centreon/en/latest/release_notes/centreon-18.10.html
documentation.centreon.com/docs/centreon/en/latest/release_notes/centreon-19.04.html
documentation.centreon.com/docs/centreon/en/latest/release_notes/centreon-19.10.html
documentation.centreon.com/docs/centreon/en/latest/release_notes/centreon-2.8.html
github.com/centreon/centreon/pull/7864
github.com/centreon/centreon/pull/7884
github.com/TheCyberGeek/CVE-2019-16405.rb
thecybergeek.co.uk/cves/2019/09/17/CVE-2019-16405-06.html
thecybergeek.co.uk/cves/2019/09/19/CVEs.html