Unrated severity · NVD Advisory · Published Aug 23, 2024 · Updated Aug 23, 2024

CVE-2024-33853


Description

A SQL Injection vulnerability exists in the Timeperiod component in Centreon Web 24.04.x before 24.04.3, 23.10.x before 23.10.13, 23.04.x before 23.04.19, and 22.10.x before 22.10.23.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

SQL injection in Centreon Web's Timeperiod component allows authenticated attackers to execute arbitrary SQL queries.

Vulnerability

A SQL injection vulnerability exists in the Timeperiod component of Centreon Web. Affected versions include 24.04.x before 24.04.3, 23.10.x before 23.10.13, 23.04.x before 23.04.19, and 22.10.x before 22.10.23 [1]. The vulnerability is present in the on-premise platform; Centreon Cloud platforms are not affected [1].

Exploitation

An attacker must have authenticated access to the Centreon Web interface. The SQL injection occurs within the Timeperiod component, likely through unsanitized user input passed to a database query. No additional privileges or network position beyond standard web access are required [1].

Impact

Successful exploitation allows an attacker to execute arbitrary SQL commands against the Centreon database. This can lead to unauthorized data access, modification, or deletion, potentially compromising the confidentiality, integrity, and availability of the monitoring platform [1].

Mitigation

Centreon has released fixed versions: Centreon Web 24.04.3, 23.10.13, 23.04.19, and 22.10.23 [1]. Users should update to the latest supported version. For unsupported versions, upgrading to 24.04 is recommended. No workarounds are provided [1].
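
The version boundaries above can be applied to an inventory of installed Centreon Web versions. The following is an added example, not code from Centreon or from this advisory; the function names, host names and version strings in the sample inventory are constructed for illustration.

```python
import re

# Fixed patch level for each affected branch, taken from the advisory text.
FIXED_PATCH = {(24, 4): 3, (23, 10): 13, (23, 4): 19, (22, 10): 23}

# Accepts "24.04.2", "v23.10.12" or package-style "23.04.18-1.el8".
_VERSION = re.compile(r"^\s*v?(\d+)\.(\d+)\.(\d+)")


def classify(version):
    """Classify one Centreon Web version string against the advisory ranges."""
    match = _VERSION.match(version)
    if match is None:
        return "unparseable"
    major, minor, patch = (int(part) for part in match.groups())
    fixed = FIXED_PATCH.get((major, minor))
    if fixed is None:
        # Branch not named in the advisory; it gives no range for it.
        return "unlisted"
    return "affected" if patch < fixed else "fixed"


def triage(inventory):
    """Group host names by classification, sorted for stable reporting."""
    report = {"affected": [], "fixed": [], "unlisted": [], "unparseable": []}
    for host, version in inventory.items():
        report[classify(version)].append(host)
    return {status: sorted(hosts) for status, hosts in report.items()}


# Constructed sample inventory (hypothetical hosts and versions).
SAMPLE_INVENTORY = {
    "mon-01": "24.04.2",
    "mon-02": "24.04.3",
    "mon-03": "23.10.12-1.el8",
    "mon-04": "22.10.23",
    "mon-05": "21.10.9",
    "mon-06": "unknown",
}

if __name__ == "__main__":
    for status, hosts in triage(SAMPLE_INVENTORY).items():
        print(f"{status:12} {', '.join(hosts) or '-'}")
```

Hosts reported as `unlisted` run a branch the advisory gives no range for; they fall under the upgrade recommendation for unsupported versions rather than counting as fixed.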

AI Insight generated on May 26, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

  • Centreon/Centreon Web (cpe-rescue), 2 versions
    • (no CPE)
    • (no CPE), range: 24.04.x < 24.04.3, 23.10.x < 23.10.13, 23.04.x < 23.04.19, 22.10.x < 22.10.23

References

1
