CVE-2024-23119

Centreon insertGraphTemplate SQL Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Centreon. Authentication is required to exploit this vulnerability.

The specific flaw exists within the insertGraphTemplate function. The issue results from the lack of proper validation of a user-supplied string before using it to construct SQL queries. An attacker can leverage this vulnerability to execute code in the context of the service account. Was ZDI-CAN-22339.

Published: Apr 2, 2024
Updated: May 4, 2025
CVE: CVE-2024-23119
GHSA: GHSA-626r-cj47-p49g
Severity: High
Exploit:

CVSS v3:

Severity: Unknown
Score:
AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CWEs:

CWE-89

OWASP TOP 10:

A1 - Injection

Affected Software
References

Software	From	Fixed in
centreon / centreon	-	22.10.15

https://github.com/centreon/centreon/commit/c6ee0f67544a70524539b26e8ea92209676a5399
https://github.com/centreon/centreon/pull/2464
https://www.zerodayinitiative.com/advisories/ZDI-24-113
https://www.zerodayinitiative.com/advisories/ZDI-24-113/

Vulnerability Database

289,697

CVE-2024-23119