
CVE-2015-1561: Centreon Command Injection

CVSS Score: 8.6

Basic Information

EPSS Score: -
Published: 5/14/2022
Updated: 8/2/2023
KEV Status: No
Technology: PHP

Technical Details

CVSS Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H

Package Name: centreon/centreon
Ecosystem: composer
Vulnerable Versions: < 2.8.28
First Patched Version: 2.8.28

Vulnerability Intelligence (Miggo AI)

Root Cause Analysis

The vulnerability stems from the regex pattern used by the `escape_command` function. The original regex `/(\\\$|`)/` only matched a literal `\$` (backslash followed by dollar) or a backtick, so a bare `$`, `|`, `&`, `;` and other shell metacharacters passed through untouched. The corrected regex `/[\$|`]/` uses a character class, so each dangerous character is stripped individually wherever it occurs. Because the function did not remove these characters from the `ns_id` parameter before it was used to build a command, the gap allowed command injection, as confirmed by the CVE description, the commit diff and the exploit examples (e.g. `%26 touch /tmp/das %26`, i.e. `& touch /tmp/das &` after URL decoding, which the original filter left intact). Note that a character-class deny-list still only removes the characters it names: `&`, `;` and newlines also terminate a shell command, so the durable fix for an identifier such as `ns_id` is to validate it as an integer (or, where a string must reach the shell, to quote it with `escapeshellarg()`) rather than to strip a list of characters.
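As an added illustration (this is not Centreon's code and not the patch itself), the block below reproduces the two regexes quoted above inside hypothetical functions, runs constructed payloads through them, and shows the allow-list validation and `escapeshellarg()` quoting that close the gap regardless of which metacharacters a deny-list happens to name. The function names, the `stats_tool` command line and the payloads are assumptions, as is the backtick in the patched character class.

```php
<?php
// Added example, not Centreon's code. It reproduces the two regexes quoted in the
// root-cause analysis above inside hypothetical functions and runs constructed
// payloads through them, next to the validation and shell quoting a patch
// should rely on instead. The character class [\$|`] in escape_command_fixed()
// is an assumption; the page only shows $ and | of the patched class for certain.

function escape_command_vulnerable(string $command): string
{
    // Nowdoc keeps the pattern byte-for-byte: /(\\\$|`)/
    // PCRE reads \\ as a literal backslash and \$ as a literal dollar, so the
    // alternation removes only the two-character sequence "\$" or a backtick.
    $pattern = <<<'RE'
/(\\\$|`)/
RE;
    return preg_replace($pattern, '', $command);
}

function escape_command_fixed(string $command): string
{
    // Character class: each listed character is removed wherever it occurs,
    // but characters outside the class (& ; newline) still pass through.
    $pattern = <<<'RE'
/[\$|`]/
RE;
    return preg_replace($pattern, '', $command);
}

// ns_id is a numeric poller identifier, so an allow-list check is the right fix:
// anything that is not a non-negative integer is rejected outright.
function validate_ns_id(string $value): ?int
{
    $id = filter_var($value, FILTER_VALIDATE_INT, ['options' => ['min_range' => 0]]);
    return $id === false ? null : $id;
}

// Hypothetical command shape (the real getStats.php command line is not on this
// page); the point is that escapeshellarg() quotes the whole argument.
function build_stats_command(string $ns_id): string
{
    return 'stats_tool --poller ' . escapeshellarg($ns_id);
}

// Constructed payloads; the second is the page's PoC shape after URL decoding.
function run_demo(): array
{
    $payloads = ['1', '1 & touch /tmp/das &', '1; id', '$(id)', '`id`', '1 | id'];
    $rows = [];
    foreach ($payloads as $p) {
        $rows[$p] = [
            'vulnerable' => escape_command_vulnerable($p),
            'fixed'      => escape_command_fixed($p),
            'validated'  => validate_ns_id($p),
        ];
    }
    return $rows;
}

printf("%-22s %-22s %-22s %s\n", 'input', 'vulnerable', 'fixed', 'validate_ns_id');
foreach (run_demo() as $input => $r) {
    printf("%-22s %-22s %-22s %s\n", $input, $r['vulnerable'], $r['fixed'],
        $r['validated'] === null ? 'rejected' : (string) $r['validated']);
}
echo "quoted for the shell: ", build_stats_command('1 & touch /tmp/das &'), PHP_EOL;
```

Running it shows the original filter leaving `1 & touch /tmp/das &`, `1; id`, `$(id)` and `1 | id` untouched and only stripping the backticks from `` `id` ``; the character-class version additionally removes the `$` and `|`, but `&` and `;` still survive it, while `validate_ns_id()` accepts only `1` and `escapeshellarg()` turns the PoC string into a single quoted argument.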


WAF Protection Rules

WAF Rule

The `escape_command` function in `include/Administration/corePerformance/getStats.php` in Centreon (formerly Merethis Centreon) 2.5.4 and earlier (offending file deleted in Centreon 15.12.0) uses an incorrect regular expression, which allows remote a
