CVE-2018-21023
Description
getStats.php in Centreon Web before 2.8.28 allows authenticated attackers to execute arbitrary code via the ns_id parameter.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Authenticated remote code execution in Centreon Web getStats.php via ns_id parameter affecting versions before 2.8.28 and 18.10.5.
Vulnerability
The getStats.php script in Centreon Web versions before 2.8.28 and 18.10.5 is vulnerable to authenticated remote code execution. An attacker with valid credentials can inject arbitrary commands through the ns_id parameter, which is not properly sanitized [4].
Exploitation
To exploit this vulnerability, an attacker needs a valid Centreon Web account with at least read access. The attacker sends a specially crafted HTTP request to getStats.php with the ns_id parameter containing malicious input. This input is processed without proper validation, allowing command execution on the server [4].
Impact
Successful exploitation allows the attacker to execute arbitrary operating system commands as the web server user. This can lead to full compromise of the Centreon server, including data exfiltration, installation of backdoors, and lateral movement within the network.
Mitigation
The vulnerability is fixed in Centreon Web versions 2.8.28 and 18.10.5, released in early 2019 [4]. Users should upgrade to these versions or later. No official workarounds are available; upgrading is the recommended action.
AI Insight generated on May 26, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
2- Centreon/Centreon Webdescription
- Range: <2.8.28
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
4- www.openwall.com/lists/oss-security/2019/10/09/2mitremailing-listx_refsource_MLIST
- github.com/centreon/centreon/pull/7083mitrex_refsource_MISC
- github.com/centreon/centreon/pull/7271mitrex_refsource_MISC
- www.openwall.com/lists/oss-security/2019/10/08/1mitrex_refsource_MISC
News mentions
0No linked articles in our index yet.