CVE-2018-21024
Description
licenseUpload.php in Centreon Web before 2.8.27 allows attackers to upload arbitrary files via a POST request.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Centreon Web before 2.8.27 allows unauthenticated arbitrary file upload via licenseUpload.php.
Vulnerability
In Centreon Web versions prior to 2.8.27, the licenseUpload.php endpoint does not properly restrict file uploads. The script is reachable via a POST request without authentication, allowing an attacker to upload arbitrary files to the server [1][2].
Exploitation
An attacker can send a crafted POST request to licenseUpload.php with a malicious file payload. No authentication or special network position is required beyond network access to the Centreon Web interface [2].
Impact
Successful exploitation allows an attacker to upload arbitrary files, which may lead to remote code execution, data tampering, or complete system compromise depending on the uploaded payload and server configuration [1][2].
Mitigation
Centreon fixed this vulnerability in version 2.8.27. Users should upgrade to version 2.8.27 or later. No workaround is available if the system cannot be patched [1][2].
AI Insight generated on May 26, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
- Centreon/Centreon Web
- Range: <2.8.27
Patches
No patches discovered yet.
References
- www.openwall.com/lists/oss-security/2019/10/09/2 (mitre, mailing-list, x_refsource_MLIST)
- github.com/centreon/centreon/pull/7085 (mitre, x_refsource_CONFIRM)
- www.openwall.com/lists/oss-security/2019/10/08/1 (mitre, x_refsource_MISC)