CVE-2008-1119

Centreon < 1.4.2.3 - Path Traversal via get_image.php img Parameter

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2008-1119. PoCs published by Julien CAYSSOL.

AI-analyzed exploit summary This exploit leverages a directory traversal vulnerability in Oreon's get_image.php to read sensitive files like oreon.conf.php and /etc/passwd. It extracts database credentials and displays the contents of /etc/passwd.

Description

Directory traversal vulnerability in include/doc/get_image.php in Centreon 1.4.2.3 and earlier allows remote attackers to read arbitrary files via a .. (dot dot) in the img parameter.

Exploits (1)

exploitdb WORKING POC VERIFIED
by Julien CAYSSOL · pythonwebappsphp
https://www.exploit-db.com/exploits/5204

This exploit leverages a directory traversal vulnerability in Oreon's get_image.php to read sensitive files like oreon.conf.php and /etc/passwd. It extracts database credentials and displays the contents of /etc/passwd.

Classification
Working Poc 95%
Attack Type
Info Leak
Complexity
Trivial
Reliability
Reliable
Target: Oreon (likely version 1.3.1 or earlier)
No auth needed
Prerequisites: Network access to the target web server
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (3)

Core 3
Core References
Exploit, Third Party Advisory exploit x_refsource_exploit-db
https://www.exploit-db.com/exploits/5204
Patch vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/28022

Scores

EPSS 0.0810
EPSS Percentile 94.1%

Details

CWE
CWE-22
Status published
Products (6)
centreon/centreon 1.4
centreon/centreon 1.4.1
centreon/centreon 1.4.2
centreon/centreon 1.4.2.1
centreon/centreon 1.4.2.2
centreon/centreon < 1.4.2.3
Published Mar 03, 2008
Tracked Since Feb 18, 2026