CVE-2019-16405

HIGH

Centreon Web , 18.10.x , 19.04.x , 19.10.x <2.8.30 <18.10.8 <19.04.5 - Remote Code Execution

Title source: llm

Description

Centreon Web before 2.8.30, 18.10.x before 18.10.8, 19.04.x before 19.04.5 and 19.10.x before 19.10.2 allows Remote Code Execution by an administrator who can modify Macro Expression location settings. CVE-2019-16405 and CVE-2019-17501 are similar to one another and may be the same.

Exploits (2)

exploitdb WORKING POC
by TheCyberGeek · rubywebappsphp
https://www.exploit-db.com/exploits/47948
nomisec WORKING POC 9 stars
by TheCyberGeek · poc
https://github.com/TheCyberGeek/CVE-2019-16405.rb

References (10)

Scores

CVSS v3 7.2
EPSS 0.0856
EPSS Percentile 92.4%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Details

Status published
Products (2)
centreon/centreon 0 - 18.10.8Packagist
centreon/centreon_web < 2.8.30
Published Nov 21, 2019
Tracked Since Feb 18, 2026