Russian Vulnerability Scanner Database

Back to List

CVE-2014-3829

Scores

EPSS

0.862high86.2%
0%20%40%60%80%100%

Percentile: 86.2%

CVSS

10.0critical2.0
0246810

CVSS Score: 10.0/10

All CVSS Scores

CVSS 2.0
10.0

Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

Description

displayServiceStatus.php in Centreon 2.5.1 and Centreon Enterprise Server 2.2 (fixed in Centreon web 2.5.3) allows remote attackers to execute arbitrary commands via shell metacharacters in the (1) session_id or (2) template_id parameter, related to the command_line variable.

Scaner-VS 7 — a modern vulnerability management solution

Uses this database for vulnerability detection. High-speed search, cross-platform, advanced configuration audit, and flexible filtering. Suitable for organizations of any size.
Learn more about Scaner-VS 7

Sources

nvd

CWEs

CWE-94

Exploits

Exploit ID: 41676

Source: exploitdb

URL: https://www.exploit-db.com/exploits/41676

Vulnerable Software (2)

Type: Configuration

Vendor: *

Product: centreon

Operating System: * * *

Trait: 
{  "cpe_match": [    {      "cpe23uri": "cpe:2.3:a:merethis:centreon:2.5.1:*:*:*:*:*:*:*",      "vulnerable": true    },    {      "cpe23uri": "cpe:2.3:a:merethis:centreon_enterprise_server:2.2...

Source: nvd

Type: Configuration

Vendor: *

Product: centreon_enterprise_server

Operating System: * * *

Trait: 
{  "cpe_match": [    {      "cpe23uri": "cpe:2.3:a:merethis:centreon:2.5.1:*:*:*:*:*:*:*",      "vulnerable": true    },    {      "cpe23uri": "cpe:2.3:a:merethis:centreon_enterprise_server:2.2...

Source: nvd

End of list