CVE-2024-39843

Name of the Vulnerable Software and Affected Versions Centreon version 24.04.2

Description A SQL injection vulnerability allows a remote high-privileged attacker to execute arbitrary SQL commands via create user form inputs. This issue is related to the lack of protection of the SQL query structure, enabling an attacker to escalate privileges and execute arbitrary code using a specially crafted SQL query.

Recommendations For Centreon version 24.04.2, as a temporary workaround, consider restricting access to the create user form until a patch is available. Additionally, avoid using the create user form inputs until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.