CVE-2018-11587

CRITICAL

Centreon 3.4.6 and Centreon Web 2.8.23 - Remote Code Execution via Virtual Metric RPN Value

Title source: llm
STIX 2.1

Description

There is Remote Code Execution in Centreon 3.4.6 including Centreon Web 2.8.23 via the RPN value in the Virtual Metric form in centreonGraph.class.php.

References (3)

Core 3
Core References
Third Party Advisory x_refsource_confirm
https://github.com/centreon/centreon/pull/6263
Third Party Advisory x_refsource_confirm
https://github.com/centreon/centreon/releases

Scores

CVSS v3 9.8
EPSS 0.0425
EPSS Percentile 89.8%
Attack Vector NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CWE
CWE-94
Status published
Products (3)
centreon/centreon 3.4.6
centreon/centreon Packagist
centreon/centreon_web 2.8.23
Published Jun 25, 2018
Tracked Since Feb 18, 2026