CVE-2019-17107: OS Command Injection
First published: Tue Oct 08 2019(Updated: )
minPlayCommand.php in Centreon Web before 2.8.27 allows authenticated attackers to execute arbitrary code via the command_hostaddress parameter. NOTE: some sources have listed CVE-2019-17017 for this, but that is incorrect.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Centreon Centreon Web | >=2.8<2.8.27 | |
| Centreon Centreon Web | >=18.10.0<18.10.4 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is CVE-2019-17107?
CVE-2019-17107 is a vulnerability in Centreon Web before version 2.8.27 that allows authenticated attackers to execute arbitrary code.
How can an attacker exploit CVE-2019-17107?
Authenticated attackers can exploit CVE-2019-17107 by using the command_hostaddress parameter in the minPlayCommand.php file.
What is the severity of CVE-2019-17107?
CVE-2019-17107 has a severity rating of 8.8 (High).
Which software is affected by CVE-2019-17107?
Centreon Web versions 2.8.0 to 2.8.26 and 18.10.0 to 18.10.4 are affected by CVE-2019-17107.
How can I fix CVE-2019-17107?
To fix CVE-2019-17107, update Centreon Web to version 2.8.27 or later.
- collector/nvd-index
- agent/weakness
- vendor/centreon
- canonical/centreon centreon web
- version/centreon centreon web/2.8
- version/centreon centreon web/18.10.0