CVE-2021-26804
MEDIUM
Centreon Web 19.10.18 20.04.8 20.10.2 - Unauthenticated File Upload via Image Extension Spoofing
Title source: llm
Description
Insecure Permissions in Centreon Web versions 19.10.18, 20.04.8, and 20.10.2 allow remote attackers to bypass validation by changing any file extension to ".gif", then uploading it in the "Administration/ Parameters/ Images" section of the application.
References (1)
Core References
Various Sources x_refsource_misc
https://medium.com/%40pedro.ferreira.phf/vulnerability-affecting-some-versions-of-centreon-2b34bd6dc621
Scores
CVSS v3
6.5
EPSS
0.0119
EPSS Percentile
63.9%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
Details
CWE
CWE-276
Status
published
Products (3)
centreon/centreon_web 19.10.18
centreon/centreon_web 20.04.8
centreon/centreon_web 20.10.2
Published
May 04, 2021
Tracked Since
Feb 18, 2026