Publication date: December 3rd, 2024
Component: centreon-bam-server (on central server).
Feature: Manage user settings
Description: SQLi in the user settings form, only accessible to authenticated users with high privilege access.
Reference: CVE-2024-45757
CVSS: 7.2 - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Severity: HIGH
Status: Fixes have been provided for all supported versions and it is recommended to update Centreon Central server:
These versions include cumulative fixes from prior updates.
Reporter: Matthew Taylor, Ludovic Tavernier and Rémi Millerand from Algosecure
Submission: Aug 30, 2024