High severityNVD Advisory· Published Apr 1, 2024· Updated Aug 1, 2024

Centreon insertGraphTemplate SQL Injection Remote Code Execution Vulnerability

CVE-2024-23119

Description

Centreon insertGraphTemplate SQL Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Centreon. Authentication is required to exploit this vulnerability.

The specific flaw exists within the insertGraphTemplate function. The issue results from the lack of proper validation of a user-supplied string before using it to construct SQL queries. An attacker can leverage this vulnerability to execute code in the context of the service account. Was ZDI-CAN-22339.

Affected packages

Versions sourced from the GitHub Security Advisory.

Package	Affected versions	Patched versions
centreon/centreonPackagist	< 22.10.15	22.10.15

Affected products

Centreon/Centreonv5
Range: 23.10.0

Patches

c6ee0f67544a

fix(legacy): escape fields (#2464)

https://github.com/centreon/centreonabuathierNov 2, 2023via ghsa

commit

1 file changed · +3 −3

centreon/www/include/configuration/configObject/host/listHost.ihtml+3 −3 modified

@@ -66,7 +66,7 @@
                     {else}
                         <img src="{$elemArr[elem].RowMenu_icone}" class="ico-18  margin_right"/>
                     {/if}
-                    {$elemArr[elem].RowMenu_name}
+                    {$elemArr[elem].RowMenu_name|escape}
                 </a>
             </td>
             <td class="ListColCenter">
@@ -77,11 +77,11 @@
                 </a>
             </td>
             <td class="ListColLeft resizeTitle">
-                <a href="{$elemArr[elem].RowMenu_link}">{$elemArr[elem].RowMenu_desc}</a>
+                <a href="{$elemArr[elem].RowMenu_link}">{$elemArr[elem].RowMenu_desc|escape}</a>
             </td>
             <td class="ListColCenter">{$elemArr[elem].RowMenu_address}</td>
             <td class="ListColCenter">{$elemArr[elem].RowMenu_poller}</td>
-            <td class="ListColCenter resizeTitle">{$elemArr[elem].RowMenu_parent}</td>
+            <td class="ListColCenter resizeTitle">{$elemArr[elem].RowMenu_parent|escape}</td>
             <td class="ListColCenter">
                 <span class="badge {$elemArr[elem].RowMenu_badge}">{$elemArr[elem].RowMenu_status}</span>
             </td>

Vulnerability mechanics

Generated by null/stub on May 9, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.

References

github.com/advisories/GHSA-626r-cj47-p49gghsaADVISORY
nvd.nist.gov/vuln/detail/CVE-2024-23119ghsaADVISORY
www.zerodayinitiative.com/advisories/ZDI-24-113/mitrex_research-advisory
github.com/centreon/centreon/commit/c6ee0f67544a70524539b26e8ea92209676a5399ghsaWEB
github.com/centreon/centreon/pull/2464ghsaWEB
www.zerodayinitiative.com/advisories/ZDI-24-113ghsaWEB

News mentions

No linked articles in our index yet.

cvss	0.455
epss	0.028
exploit	0.000
kev	0.000
patch	-0.070
ransomware	0.000