PT-2025-33108 · Git+1 · Centreon+2
Spawnzii · Published 2025-08-13 · Updated 2025-09-16 · CVE-2025-6791
CVSS v3.1: 8.8 (High)
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions:
Centreon web versions 23.10.0 through 23.10.26
Centreon web versions 24.04.0 through 24.04.16
Centreon web versions 24.10.0 through 24.10.9
Description:
The web application is susceptible to SQL Injection due to improper neutralization of special elements used in an SQL command within the Monitoring event logs module. An authenticated, low-privileged attacker can manipulate the database by altering HTTP requests to insert a payload.
Recommendations:
Centreon web versions prior to 23.10.26 should be updated.
Centreon web versions prior to 24.04.16 should be updated.
Centreon web versions prior to 24.10.9 should be updated.
Exploit · Fix · SQL injection
Affected Products
Centreon
Centreon Web
Web