High severityNVD Advisory· Published Jul 14, 2015· Updated Jun 17, 2026
CVE-2015-1561
CVE-2015-1561
Description
The escape_command function in include/Administration/corePerformance/getStats.php in Centreon (formerly Merethis Centreon) 2.5.4 and earlier (fixed in Centreon 19.10.0) uses an incorrect regular expression, which allows remote authenticated users to execute arbitrary commands via shell metacharacters in the ns_id parameter.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
centreon/centreonPackagist | < 2.8.28 | 2.8.28 |
Affected products
2Patches
Vulnerability mechanics
References
11- packetstormsecurity.com/files/132607/Merethis-Centreon-2.5.4-SQL-Injection-Remote-Command-Execution.htmlnvdExploitWEB
- github.com/advisories/GHSA-c4fj-3wqq-g9c9ghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2015-1561ghsaADVISORY
- forge.centreon.com/projects/centreon/repository/revisions/387dffdd051dbc7a234e1138a9d06f3089bb55bbnvdWEB
- github.com/centreon/centreon-archived/commit/387dffdd051dbc7a234e1138a9d06f3089bb55bbghsaWEB
- github.com/centreon/centreon-archived/commit/a78c60aad6fd5af9b51a6d5de5d65560ea37a98aghsaWEB
- github.com/centreon/centreon-archived/pull/7083ghsaWEB
- github.com/centreon/centreon-archived/pull/7271ghsaWEB
- web.archive.org/web/20201125112637/http://www.securityfocus.com/archive/1/535961/100/0/threadedghsaWEB
- www.securityfocus.com/archive/1/535961/100/0/threadednvd
- github.com/centreon/centreon/commit/a78c60aad6fd5af9b51a6d5de5d65560ea37a98anvd
News mentions
0No linked articles in our index yet.