Primary

Context

Centreon Web SQL Injection Vulnerability Allowing Privileged User Escalation

Vulnerability

Patched

A SQL injection vulnerability has been identified in Centreon Web, specifically in the user configuration form modules. This issue affects Centreon versions 22.10.0 prior to 22.10.28, 23.04.0 prior to 23.04.25, 23.10.0 prior to 23.10.20, 24.04.0 prior to 24.04.10, and 24.10.0 prior to 24.10.4. The vulnerability allows a user with high privileges to intercept contact form requests and modify the payload, potentially leading to unauthorized administrative access.

Impact

Exploitation of this vulnerability could allow a high-privileged user to gain administrative rights on the Centreon Web application.

Remediation

Users are advised to update to Centreon Web versions 24.10.4, 24.04.10, 23.10.20, or 23.04.25, all of which include cumulative fixes from prior updates.

Added: Jun 9, 2025, 7:46 PM

Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread

3.1

impact

5.0

exploitability

5.0

remediation

7.7

relevance

0.0

threat

3.2

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

3.1

impact

5.0

exploitability

5.0

remediation

7.7

relevance

0.0

threat

3.2

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Centreon Web SQL Injection Vulnerability Allowing Privileged User Escalation

Vulnerability

Impact

Remediation

Affected Products

Centreon

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating