CVE-2020-13252
Description
Centreon before 19.04.15 has an OS command injection vulnerability via the RRDdatabase_status_path parameter, allowing remote attackers to execute arbitrary commands.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Vulnerability Overview: CVE-2020-13252 describes an OS command injection flaw in Centreon, a network monitoring solution. The vulnerability exists in the handling of the RRDdatabase_status_path parameter, which is passed via a main.get.php request. Centreon fails to sanitize user input, allowing an attacker to inject shell metacharacters [1][2].
Exploitation: An attacker can send a crafted request to main.get.php with malicious shell metacharacters in the RRDdatabase_status_path parameter. The injected commands are then executed when the include/views/graphs/graphStatus/displayServiceStatus.php page is accessed [1]. No authentication is required, making the attack exploitable remotely.
Impact: Successful exploitation allows an unauthenticated remote attacker to execute arbitrary OS commands on the affected Centreon server. This can lead to full system compromise, including data exfiltration, installation of backdoors, or disruption of monitoring services [1].
Mitigation: The issue is patched in Centreon version 19.04.15. Users are strongly advised to upgrade to this version or later. The fix is available via the GitHub pull request #8467 [2]. No workarounds are documented.
AI Insight generated on May 21, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
| centreon/centreon (Packagist) | < 19.04.15 | 19.04.15 |
Affected products
- Centreon/Centreon (description)
Patches
No patches discovered yet.
References
- github.com/advisories/GHSA-jmgg-wx67-7qfv (ghsa, ADVISORY)
- nvd.nist.gov/vuln/detail/CVE-2020-13252 (ghsa, ADVISORY)
- engindemirbilek.github.io/centreon-19.10-rce (ghsa, x_refsource_MISC, WEB)
- github.com/EnginDemirbilek/EnginDemirbilek.github.io/blob/master/centreon-19.10-rce.html (ghsa, x_refsource_MISC, WEB)
- github.com/centreon/centreon/compare/19.04.13...19.04.15 (ghsa, x_refsource_MISC, WEB)
- github.com/centreon/centreon/pull/8467 (ghsa, x_refsource_MISC, WEB)