Centreon Open Tickets <25.10.3 - Path Traversal
Title source: manual
Exploitation Summary
EIP tracks 3 public exploits for CVE-2026-2749. PoCs published by hakaioffsec, exploitintel, XZ1r0.
AI-analyzed exploit summary
The repository contains functional exploit code for multiple Centreon vulnerabilities (CVE-2026-2749, CVE-2026-2750, CVE-2026-2751), including path traversal to RCE, command injection via CLAPI, and blind SQL injection. Each script is well-structured with clear arguments, session handling, and verification steps.
Description
Vulnerability in Centreon Centreon Open Tickets on Central Server on Linux (Centreon Open Ticket modules). This issue affects Centreon Open Tickets on Central Server: all versions before 25.10.3, 24.10.8, 24.04.7.
Exploits (3)
The repository contains functional exploit code for multiple Centreon vulnerabilities (CVE-2026-2749, CVE-2026-2750, CVE-2026-2751), including path traversal to RCE, command injection via CLAPI, and blind SQL injection. Each script is well-structured with clear arguments, session handling, and verification steps.
This repository contains functional exploit code for CVE-2026-2749, a path traversal vulnerability in Centreon Open Tickets leading to remote code execution. It includes multiple PoC scripts demonstrating file write, deletion, and RCE via unsanitized `uniqId` parameters.
This Python script exploits a path traversal vulnerability in Centreon (CVE-2026-2749) to upload a malicious PHP file, achieving remote code execution (RCE). It leverages an arbitrary file write flaw in the Open Tickets module's upload functionality.
Scores
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H