
Publication date: March 12, 2025

Component: centreon-web and all modules.

Feature: All legacy pages

 

Description: smarty/smarty is vulnerable to code injection. The vulnerability is due to insufficient validation of file names used in the `extends-tag`. This allows attackers to inject PHP code by choosing a malicious file name for an `extends-tag`.

 

Reference: CVE-2024-35226

CVSS: 7.3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N

Severity: HIGH

 

Status: Fixes have been provided for all supported versions and it is recommended to update Centreon Central, Centreon Map and Centreon MBI servers:

These versions include cumulative fixes from prior updates.
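
A defensive audit for the condition in the description, added here as an example and not Centreon's or Smarty's own code: it lists every `{extends}` tag whose file name is not a plain quoted literal, so those templates can be reviewed until the update is applied. The allow-list, the `*.tpl` glob and the sample templates are assumptions.

```python
import re
import sys
from pathlib import Path

# {extends ...} with Smarty's default delimiters; custom delimiters are not handled.
EXTENDS_TAG = re.compile(r"\{extends\b([^}]*)\}")
# Assumed allow-list (not Smarty's own rule): a quoted literal of letters,
# digits, "_", ".", "/", "-" with an optional resource prefix such as "file:".
SAFE_LITERAL = re.compile(r"""^(?:file\s*=\s*)?(["'])(?:[a-z]+:)?[A-Za-z0-9_./-]+\1$""")

def audit_template(name, source):
    """Return (template, line, tag, reason) for each extends-tag needing review."""
    findings = []
    for match in EXTENDS_TAG.finditer(source):
        args = match.group(1).strip()
        line = source.count("\n", 0, match.start()) + 1
        if "$" in args or "`" in args:
            reason = "file name is computed at runtime"
        elif not SAFE_LITERAL.match(args):
            reason = "file name is outside the allow-list"
        else:
            continue
        findings.append((name, line, match.group(0), reason))
    return findings

def audit_tree(root, pattern="*.tpl"):
    """Audit every template under root; pattern is a caller-supplied glob."""
    findings = []
    for path in sorted(Path(root).rglob(pattern)):
        findings += audit_template(str(path), path.read_text(errors="replace"))
    return findings

# Constructed sample templates, not taken from Centreon.
SAMPLES = {
    "ok.tpl": '{extends file="layouts/base.tpl"}\n{block name=body}hi{/block}\n',
    "short.tpl": "{extends 'file:base.tpl'}\n",
    "dynamic.tpl": "{* header *}\n{extends file=$layout}\n",
    "odd.tpl": '{extends file="base (copy).tpl"}\n',
}

def audit_samples():
    return [f for name, src in SAMPLES.items() for f in audit_template(name, src)]

if __name__ == "__main__":
    results = audit_tree(sys.argv[1]) if len(sys.argv) > 1 else audit_samples()
    for name, line, tag, reason in results:
        print(f"{name}:{line}: {tag} -> {reason}")
```

A finding means the tag needs a manual look, not that the template is malicious; legitimate names that fall outside the allow-list are reported too.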

 

Reporter: N/A

Submission: November 28, 2024
 
