CVE-2024-23119: Critical SQL Injection Vulnerability in Centreon


The SonicWall Capture Labs threat research team became aware of the threat CVE-2024-23119, assessed its impact and developed mitigation measures for this vulnerability. CVE-2024-23119 is a high-severity SQL Injection vulnerability in Centreon, impacting Centreon Web versions prior to 22.10.17, 23.04.13, and 23.10.5.

Centreon is a widely used network, system and application monitoring tool. This issue resides within the insertGraphTemplate function, which fails to properly validate user inputs before incorporating them into SQL queries. As a result, authenticated attackers can execute arbitrary SQL commands, potentially gaining control over the database and executing code within the context of the service account.

Read more…
Source: Sonicwall


Sign up for our Newsletter


Related:

  • Cisco Warns of Critical Vulnerability Revealed in ‘Vault 7’ Data Dump

    March 20, 2017

    Cisco Systems warned customers on Friday of a critical vulnerability that could allow an attacker to execute arbitrary code and obtain full control on more than 300 different models of its switches and routers. Cisco said it became aware of the vulnerability after WikiLeaks released its Vault 7 cache of documents that revealed the existence ...