High severityNVD Advisory· Published Apr 1, 2024· Updated Aug 29, 2024

Centreon updateContactServiceCommands SQL Injection Remote Code Execution Vulnerability

CVE-2024-23117

Description

Centreon updateContactServiceCommands SQL Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Centreon. Authentication is required to exploit this vulnerability.

The specific flaw exists within the updateContactServiceCommands function. The issue results from the lack of proper validation of a user-supplied string before using it to construct SQL queries. An attacker can leverage this vulnerability to execute code in the context of the service account. Was ZDI-CAN-22297.

Affected packages

Versions sourced from the GitHub Security Advisory.

Package	Affected versions	Patched versions
centreon/centreonPackagist	< 22.10.15	22.10.15

Affected products

Centreon/Centreonv5
Range: 23.10.0

Patches

c6ee0f67544a

fix(legacy): escape fields (#2464)

https://github.com/centreon/centreonabuathierNov 2, 2023via ghsa

commit

1 file changed · +3 −3

centreon/www/include/configuration/configObject/host/listHost.ihtml+3 −3 modified

@@ -66,7 +66,7 @@
                     {else}
                         <img src="{$elemArr[elem].RowMenu_icone}" class="ico-18  margin_right"/>
                     {/if}
-                    {$elemArr[elem].RowMenu_name}
+                    {$elemArr[elem].RowMenu_name|escape}
                 </a>
             </td>
             <td class="ListColCenter">
@@ -77,11 +77,11 @@
                 </a>
             </td>
             <td class="ListColLeft resizeTitle">
-                <a href="{$elemArr[elem].RowMenu_link}">{$elemArr[elem].RowMenu_desc}</a>
+                <a href="{$elemArr[elem].RowMenu_link}">{$elemArr[elem].RowMenu_desc|escape}</a>
             </td>
             <td class="ListColCenter">{$elemArr[elem].RowMenu_address}</td>
             <td class="ListColCenter">{$elemArr[elem].RowMenu_poller}</td>
-            <td class="ListColCenter resizeTitle">{$elemArr[elem].RowMenu_parent}</td>
+            <td class="ListColCenter resizeTitle">{$elemArr[elem].RowMenu_parent|escape}</td>
             <td class="ListColCenter">
                 <span class="badge {$elemArr[elem].RowMenu_badge}">{$elemArr[elem].RowMenu_status}</span>
             </td>

Vulnerability mechanics

Synthesis attempt was rejected by the grounding validator. Re-run pending.

References

github.com/advisories/GHSA-j8hg-v5qv-9m28ghsaADVISORY
nvd.nist.gov/vuln/detail/CVE-2024-23117ghsaADVISORY
www.zerodayinitiative.com/advisories/ZDI-24-115/mitrex_research-advisory
github.com/centreon/centreon/commit/c6ee0f67544a70524539b26e8ea92209676a5399ghsaWEB
github.com/centreon/centreon/pull/2464ghsaWEB
www.zerodayinitiative.com/advisories/ZDI-24-115ghsaWEB

News mentions

No linked articles in our index yet.

cvss	0.455
epss	0.070
exploit	0.000
kev	0.000
patch	-0.070
ransomware	0.000