Security fixed in Centreon Web
Submission: June 21, 2024
Publication date: September 17, 2024
Severity: HIGH
Feature: Edition of contacts / users
Component: centreon-web
Fixes have been provided for all supported versions and it is recommended to update Centreon Web:
These versions include cumulative fixes from prior updates.
CVE-2024-39842 - SQLi in contacts form, only accessible to authenticated users with high privilege access.
Reporter: Trend Micro
Impact: (CVSS + Path) 7.2 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Description: A SQL injection vulnerability in Centreon 24.04.2 allows a remote high-privileged attacker to execute arbitrary SQL command via user massive changes inputs.
Reference: CVE-2024-39842
CVE-2024-39843 - SQLi in contacts form, only accessible to authenticated users with high privilege access.
Reporter: Trend Micro
Impact: (CVSS + Path) 7.2 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Description: A SQL injection vulnerability in Centreon 24.04.2 allows a remote high-privileged attacker to execute arbitrary SQL command via create user form inputs.
Reference: CVE-2024-39843
Stay ahead of potential threats by subscribing to the Security Bulletin section. You’ll receive instant notifications whenever a new bulletin is published, ensuring your infrastructure remains secure and up to date.
