CVE-2024-39842

Date: September 22, 2024

A SQL injection vulnerability in Centreon 24.04.2 allows a remote high-privileged attacker to execute arbitrary SQL commands via the user massive changes inputs.

Language: PHP

Severity Score

Weakness Type (CWE)

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

CWE-89

Top Fix

Upgrade Version

Upgrade to version centreon/centreon - dev-MON-15366-sanitized-queries-when-displaying-logos-2110;centreon/centreon - dev-Refacto-Poller-Menu;centreon/centreon - dev-hotfix-MON-15318-update-sql-errors-during-minors-update;centreon/centreon - dev-MON-11738-refresh-menus-when-enabling-export-conf-btn;centreon/centreon - dev-MON-15389-limit-data-22.04.x;centreon/centreon - dev-enh.ui.styles.develop;centreon/centreon - dev-MON-15124-impossible-to-see-jobs/reports-websso-user;centreon/centreon - dev-MON-15333;centreon/centreon - dev-MON-14142-alignment-in-business-activity-and-view-on-the-demo;centreon/centreon - dev-develop-to-master;centreon/centreon - dev-warning-ng;centreon/centreon - dev-MON-15022-improve-telemetry-authentications-22.04;centreon/centreon - dev-MON-15250-22.04;centreon/centreon - dev-MON-7436-Improve-Custom-Columns-Name-Display;centreon/centreon - dev-MON-15511-fix-translation-debian_22_04;centreon/centreon - dev-update-to-22.10.0-beta2;centreon/centreon - dev-MON-13478;centreon/centreon - dev-MON-14984-POST-repositories;centreon/centreon - dev-MON-15054;centreon/centreon - dev-RL-70-mock-fake-user-story;centreon/centreon - dev-doc-api-22.10;centreon/centreon - dev-MON-19924;centreon/centreon - dev-MON-14425-debian-package-improve-default-centreon-php-fpm-configuration;centreon/centreon - dev-MON-14833-ceip-add-missing-data-testid-on-authentication-fields;centreon/centreon - dev-MON-14999;centreon/centreon - dev-Bugfix_MON-15404_export_event_log;centreon/centreon - dev-MON-14646-integrate-new-theme-in-centreon-web;centreon/centreon - dev-MON-15182-redirection-rework;centreon/centreon - dev-MON-15779-2104;centreon/centreon - dev-MON-fix-openApi-doc-2.1;centreon/centreon - dev-MON-14797-debian-package-chrony-and-ntp-packages-in-conflict;centreon/centreon - dev-sonar-test3-20.10.x;centreon/centreon - dev-upgrade-eslint-plugin-hooks-0.4.1;centreon/centreon - dev-MON-14509-php-81;centreon/centreon - dev-MON-15180;centreon/centreon - dev-MON-11510;centreon/centreon - dev-MON-11972;centreon/centreon - dev-MON-15384-autologin;centreon/centreon - dev-MON-15169-cannot-export-csv-images-multiple-period-graphs;centreon/centreon - dev-MON-15284-fix-links-details-panel;centreon/centreon - dev-MON-13930-Panel-of-details-TIMELINE-tab;centreon/centreon - dev-platform-topology-schema-validation;centreon/centreon - dev-MON-15303-web-description-issue-on-configuration-pollers-engine-configuration-log-options-tab-service-check-timeout-option;centreon/centreon - dev-dependabot/npm_and_yarn/tests/e2e/loader-utils-1.4.2;centreon/centreon - dev-poc-redis;centreon/centreon - dev-MON-15400;centreon/centreon - dev-password-28;centreon/centreon - dev-MON-14137-ta-review-autologin-automation

CVSS v3.1

Base Score:
Attack Vector (AV): NETWORK
Attack Complexity (AC): LOW
Privileges Required (PR): HIGH
User Interaction (UI): NONE
Scope (S): UNCHANGED
Confidentiality (C): HIGH
Integrity (I): HIGH
Availability (A): HIGH
