SQL Injection Vulnerability in Centreon Open Tickets Product
CVE-2024-45756

7.2HIGH

Key Information:

Vendor: Centreon
Status: Open Tickets
Vendor: CVE Published:; 25 November 2024

What is CVE-2024-45756?

A security flaw has been identified in the Centreon Open Tickets product that allows SQL injection through the ticket creation form. This vulnerability affects multiple versions of the product, enabling an attacker with authenticated high-privileged access to manipulate SQL queries. As a result, unauthorized access to sensitive data could be facilitated. It is crucial for users to upgrade to the latest versions to mitigate this vulnerability.

References

https://github.com/centreon/centreon/release

https://thewatch.centreon.com/latest-security-bulletins-6...

CVSS V3.1

Score:

7.2

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Nov 25, 2024

CVE-2024-45756 Data

JSON