PT-2024-19676 · Centreon · Centreon Web

Published 2024-02-09 · Updated 2025-08-07 · CVE-2024-23119

CVSS v3.1: 8.8 High

Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

Centreon Web versions prior to 22.10.17
Centreon Web versions prior to 23.04.13
Centreon Web versions prior to 23.10.5

Description

This issue allows remote attackers to execute arbitrary code on affected installations of Centreon. The specific flaw exists within the insertGraphTemplate function, resulting from the lack of proper validation of a user-supplied string before using it to construct SQL queries. An attacker can leverage this vulnerability to execute code in the context of the service account. Approximately 3,315 devices are potentially affected, mainly distributed in France, Ireland, and other countries. Authentication is required to exploit this vulnerability.

Recommendations

For Centreon Web versions prior to 22.10.17, update to version 22.10.17 or later.
For Centreon Web versions prior to 23.04.13, update to version 23.04.13 or later.
For Centreon Web versions prior to 23.10.5, update to version 23.10.5 or later.
As a temporary workaround, consider disabling the insertGraphTemplate function until a patch is available.

Fix

RCE

SQL injection

Weakness Enumeration

Related Identifiers

CVE-2024-23119
GHSA-626R-CJ47-P49G
ZDI-24-113

Affected Products

Centreon Web