CVE-2019-13024

HIGH

Centreon 18.x < 18.10.6, 19.x < 19.04.3 - Authenticated Remote Code Execution via Monitoring Engine Binary Configuration

Exploitation Summary

EIP tracks 4 public exploits for CVE-2019-13024. PoCs published by Starry Sky, Askar, mhaskar.

Description

Centreon 18.x before 18.10.6, 19.x before 19.04.3, and Centreon web before 2.8.29 allow an attacker to execute arbitrary system commands by using the value "init_script"-"Monitoring Engine Binary" in main.get.php to insert an arbitrary command into the database, and then executing it by calling the vulnerable page www/include/configuration/configGenerate/xml/generateFiles.php (which passes the value inserted into the database to shell_exec without sanitizing it, allowing execution of arbitrary system commands).

Exploits (4)

exploitdb SCANNER
by Starry Sky · python · webapps · php
https://www.exploit-db.com/exploits/52156

This script is a brute-force tool for Centreon API 19.04.0, targeting the authentication endpoint to discover valid credentials. It does not exploit CVE-2019-13024 but instead performs credential brute-forcing.

Classification: Scanner 90%
Attack Type: Auth Bypass
Complexity: Trivial
Reliability: Reliable
Target: Centreon API 19.04.0
No auth needed
Prerequisites: Network access to the Centreon API endpoint · Username or username wordlist · Password wordlist
devstral-2 · analyzed Feb 16, 2026

exploitdb WORKING POC
by Askar · python · webapps · php
https://www.exploit-db.com/exploits/47069

This exploit targets Centreon v19.04 by leveraging authenticated RCE via poller configuration manipulation. It injects a reverse shell payload into the 'nagios_bin' parameter and triggers execution by generating configuration files.

Classification: Working PoC 95%
Attack Type: RCE
Complexity: Moderate
Reliability: Reliable
Target: Centreon v19.04
Auth required
Prerequisites: valid credentials · network access to target · listener setup for reverse shell
devstral-2 · analyzed Feb 16, 2026

nomisec WORKING POC 11 stars
by mhaskar · poc
https://github.com/mhaskar/CVE-2019-13024

This repository contains a functional Python exploit for CVE-2019-13024, an authenticated remote code execution vulnerability in Centreon v19.04. The exploit authenticates to the target, retrieves CSRF tokens, injects a malicious payload into the poller configuration, and triggers execution via XML generation.

Classification: Working PoC 100%
Attack Type: RCE
Complexity: Moderate
Reliability: Reliable
Target: Centreon v19.04
Auth required
Prerequisites: Valid credentials for Centreon · Network access to the target · Netcat listener for reverse shell
devstral-2 · analyzed Feb 18, 2026

nomisec WORKING POC 1 star
by get-get-get-get · poc
https://github.com/get-get-get-get/Centreon-RCE

This repository contains a functional Python exploit for CVE-2019-13024, targeting Centreon versions before 19.04.3. The exploit authenticates to the Centreon web interface, injects a malicious command into the poller configuration, and triggers its execution via XML generation.

Classification: Working PoC 95%
Attack Type: RCE
Complexity: Moderate
Reliability: Reliable
Target: Centreon < 19.04.3
Auth required
Prerequisites: Valid Centreon credentials · Network access to the Centreon web interface
devstral-2 · analyzed Feb 18, 2026

Scores

CVSS v3: 8.8
EPSS: 0.3216
EPSS Percentile: 98.1%
Attack Vector: NETWORK
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Details

CWE: CWE-77
Status: published
Products (1): centreon/centreon 19.04.0
Published: Jul 01, 2019
Tracked Since: Feb 18, 2026