Centreon centreon-web
Moderate fix4 remedies
cpe:2.3:a:centreon:centreon_web:*:*:*:*:*:*:*
Moderate fix4 remedies
- >= 24.10, < 24.10.3
- >= 24.04, < 24.04.9
- >= 23.10, < 23.10.19
- >= 23.04, < 23.04.24
Centreon Web SQL Injection Vulnerability in Virtual Metrics Creation
Vulnerability
Patched
A SQL injection vulnerability has been identified in Centreon Web versions 24.10.x prior to 24.10.3, 24.04.x prior to 24.04.9, 23.10.x prior to 23.10.19, and 23.04.x prior to 23.04.24. This issue allows high-privilege users to inject malicious SQL into the form used for creating virtual metrics.
Impact
Exploitation of this vulnerability allows for SQL injection, where an authenticated user with high privileges can manipulate SQL queries. This could potentially lead to unauthorized data access or modification, depending on the application's database handling.
Remediation
Users are advised to update to Centreon Web versions 24.10.3, 24.04.9, 23.10.19, or 23.04.24, all of which include cumulative fixes from prior updates.
Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM
Vulnerability Rating
Custom Algorithm
spread
3.1impact
2.5exploitability
4.8remediation
7.7relevance
0.0threat
0.0urgency
2.9incentive
1.7Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.