Description

In the backup parameters, a user with high privilege is able to concatenate custom instructions to the backup setup. Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in Centreon Infra Monitoring (Backup configuration in the administration setup modules) allows OS Command Injection.This issue affects Infra Monitoring: from 25.10.0 before 25.10.2, from 24.10.0 before 24.10.15, from 24.04.0 before 24.04.19.

Related CPE's

Could not find any relations

References

https://github.com/centreon/centreon/releases

Weaknesses

bd4443e6-1eef-43f3-9886-25fc9ceeaae7

Secondary
CWE-78

CVSS impact metrics

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

7.2 · High

Information

Source identifier

bd4443e6-1eef-43f3-9886-25fc9ceeaae7

Vulnerability status

Received

Published

2026-01-05T10:15:55.870Z

42 hours ago

Last modified

2026-01-05T10:15:55.870Z

42 hours ago