CVE-2024-39841

Name of the Vulnerable Software and Affected Versions: Centreon Web versions 22.10.0 through 22.10.22 Centreon Web versions 23.04.0 through 23.04.18 Centreon Web versions 23.10.0 through 23.10.12 Centreon Web versions 24.04.0 through 24.04.2

Description: A SQL Injection vulnerability exists in the service configuration functionality. This issue is related to the testServiceExistence() function and is caused by a lack of protection for the SQL query structure. Exploitation of this vulnerability may allow a remote attacker to execute arbitrary code.

Recommendations: For Centreon Web versions 22.10.0 through 22.10.22, update to version 22.10.23. For Centreon Web versions 23.04.0 through 23.04.18, update to version 23.04.19. For Centreon Web versions 23.10.0 through 23.10.12, update to version 23.10.13. For Centreon Web versions 24.04.0 through 24.04.2, update to version 24.04.3.