
Centreon 2.6.1 Unrestricted File Upload Vulnerability

High
Advisory ID: ZSL-2015-5264
Release Date: 26 September 2015
Vendor
Affected Version: 2.6.1 (CES 3.2)
CVE: N/A
Tested On: CentOS 6.6 (Final), Apache/2.2.15, PHP/5.3.3
Summary

Centreon is the choice of some of the world's largest companies and mission-critical organizations for real-time IT performance monitoring and diagnostics management.

Description

The vulnerability is caused by improper verification of files uploaded via the 'filename' POST parameter. This can be exploited to execute arbitrary PHP code by uploading a malicious PHP script file, which is then stored in the '/img/media/' directory.
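
A defender-side check for the condition described above, as an added example that is not part of the original advisory: it walks a media directory such as Centreon's '/img/media/' and flags files that PHP could execute. The extension list, the .htaccess check, the function names and the sample files are assumptions constructed for illustration.

```python
import os
import re
import tempfile

# Assumed list of extensions commonly mapped to the PHP handler; also
# catches double extensions such as "name.php.jpg".
PHP_EXT = re.compile(r"\.(php\d?|phtml|phar|pht)(\.|$)", re.IGNORECASE)
PHP_TAG = re.compile(rb"<\?(php|=)", re.IGNORECASE)


def scan_media_dir(root, max_bytes=1_000_000):
    """Return {relative_path: [reasons]} for files that do not belong in a media dir."""
    findings = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            reasons = []
            if PHP_EXT.search(name):
                reasons.append("php-extension")
            if name.lower() == ".htaccess":
                reasons.append("htaccess-override")
            with open(path, "rb") as fh:
                if PHP_TAG.search(fh.read(max_bytes)):
                    reasons.append("php-open-tag")
            if reasons:
                rel = os.path.relpath(path, root).replace(os.sep, "/")
                findings[rel] = reasons
    return findings


def demo():
    """Build a constructed media tree in a temp dir and scan it."""
    samples = {  # constructed sample files, not taken from the advisory
        "logos/company.png": b"\x89PNG\r\n\x1a\n" + b"\x00" * 16,
        "logos/upload.php": b"<?php echo 'constructed sample'; ?>",
        "maps/site.php.jpg": b"\xff\xd8\xff\xe0 plain image bytes",
        "maps/icon.gif": b"GIF89a<?php /* constructed sample */ ?>",
    }
    with tempfile.TemporaryDirectory() as root:
        for rel, data in samples.items():
            full = os.path.join(root, rel)
            os.makedirs(os.path.dirname(full), exist_ok=True)
            with open(full, "wb") as fh:
                fh.write(data)
        return scan_media_dir(root)


if __name__ == "__main__":
    print(demo())
```

Any hit in a directory meant to hold only images warrants review of the web server access logs for requests to that file.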

Proof of Concept
Disclosure Timeline
10.08.2015 Vulnerability discovered.
12.08.2015 Vendor contacted.
13.08.2015 Vendor replies asking for more details.
13.08.2015 Sent details to the vendor.
14.08.2015 Vendor sends details to the development team.
19.08.2015 Asked vendor for status update.
19.08.2015 Vendor states that some issues were fixed in 2.6.2 and the rest will be fixed in 2.6.3 or 2.7.
25.08.2015 Asked vendor for status update.
25.08.2015 Vendor will get back to us by 15th of September because of holidays.
16.09.2015 No reply from the vendor.
17.09.2015 Informed vendor about public release.
17.09.2015 Vendor has released version 2.6.2 fixing the file upload issue. Remaining issues promised to be fixed in the next release.
24.09.2015 Vendor releases version 2.6.3 to fix remaining issues?
26.09.2015 Public security advisory released.
Credits
Vulnerability discovered by Gjoko Krstic
References
Changelog
26.09.2015 Initial release
07.10.2015 Added references [3], [4] and [5]