CVE-2024-39841
Description
A SQL Injection vulnerability exists in the service configuration functionality in Centreon Web 24.04.x before 24.04.3, 23.10.x before 23.10.13, 23.04.x before 23.04.19, and 22.10.x before 22.10.23.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
SQL Injection in Centreon Web service configuration allows authenticated attackers to execute arbitrary SQL commands.
Vulnerability
The vulnerability is a SQL Injection in the service configuration functionality of Centreon Web. Affected versions include 24.04.x before 24.04.3, 23.10.x before 23.10.13, 23.04.x before 23.04.19, and 22.10.x before 22.10.23. [1]
Exploitation
An attacker must be authenticated and have access to the service configuration functionality. By providing crafted input, they can execute arbitrary SQL queries. [1]
Impact
Successful exploitation could allow the attacker to read, modify, or delete database contents, potentially leading to disclosure of sensitive information or further compromise. The advisory notes a severe impact. [1]
Mitigation
Fixes have been released in Centreon Web versions 24.04.3, 23.10.13, 23.04.19, and 22.10.23. Users should update to the latest version. Centreon Cloud platforms have already been patched. [1]
AI Insight generated on May 26, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
2(expand)+ 1 more
- (no CPE)
- (no CPE)range: <24.04.3, <23.10.13, <23.04.19, <22.10.23
Patches
4637c5e4f55d444c849f7a4f7851fbf7415a8b16b10c6d761Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
1News mentions
0No linked articles in our index yet.