PT-2025-2997 · Centreon · Centreon Web
Spawnzii · Published 2025-01-23 · Updated 2025-06-06
CVE-2024-53923
CVSS v3.1: 9.1 (Critical)
Vector: AC:L/AV:N/A:H/C:H/I:H/PR:H/S:C/UI:N
Name of the Vulnerable Software and Affected Versions
Centreon Web versions 23.04.x through 23.04.23
Centreon Web versions 23.10.x through 23.10.18
Centreon Web versions 24.04.x through 24.04.8
Centreon Web versions 24.10.x through 24.10.2
Description
A user with high privileges can achieve SQL injection through the media upload form, potentially injecting malicious SQL code.
Recommendations
Centreon Web version 23.04.x: Update to version 23.04.24 or later.
Centreon Web version 23.10.x: Update to version 23.10.19 or later.
Centreon Web version 24.04.x: Update to version 24.04.9 or later.
Centreon Web version 24.10.x: Update to version 24.10.3 or later.
Fix
SQL injection
Affected Products
Centreon Web