Centreon Web CVE-2024-5725: Remote Code Execution Vulnerability

2024-11-26

This article describes a critical vulnerability (CVE-2024-5725) in Centreon Web that allows remote attackers to execute arbitrary code on affected systems.

Form:

Platform: Centreon Web
Version: All versions before the fixes mentioned below
Vulnerability: SQL Injection leading to Remote Code Execution
Severity: Critical
Date: August 21, 2024 (reported), November 25, 2024 (last modified in NVD)

What Undercode Says:

This vulnerability is caused by improper validation of user-supplied data in the `initCurveList` function of Centreon Web. An attacker can exploit this to inject malicious SQL code and potentially take complete control of the system, with code executing in the context of the apache user account.

Here’s what you need to do:

1. Update Centreon Web to the latest patched versions:

   - Centreon Web 24.04.3
   - Centreon Web 23.10.13
   - Centreon Web 23.04.19
   - Centreon Web 22.10.23

2. If updating is not possible immediately, consider mitigating the risk by restricting access to the Centreon Web interface to trusted networks only.
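
A triage check for the upgrade step above, as an added example (not Centreon's or this page's own code): it compares installed version strings against the fixed releases listed in step 1. The host names, sample versions and status labels are constructed, and the handling of branches the advisory does not list is an assumption.

```python
import re

# Fixed release per branch, copied from the advisory's list of patched versions.
FIXED = {(24, 4): 3, (23, 10): 13, (23, 4): 19, (22, 10): 23}


def parse_version(text):
    """Return (year, month, patch) as ints, or None if the string is not X.Y.Z."""
    # Tolerates a leading 'v' and a packaging suffix such as '-1.el8'.
    m = re.fullmatch(r"v?(\d+)\.(\d+)\.(\d+)(?:[-+~.]\S*)?", text.strip())
    return tuple(int(g) for g in m.groups()) if m else None


def classify(version):
    """Map a version string to a triage status for CVE-2024-5725."""
    parsed = parse_version(version)
    if parsed is None:
        return "unknown"            # cannot decide: inspect the host manually
    branch, patch = parsed[:2], parsed[2]
    if branch in FIXED:
        # Numeric comparison: '23.04.9' is older than '23.04.19'.
        return "patched" if patch >= FIXED[branch] else "vulnerable"
    if branch > max(FIXED):
        return "newer-branch"       # not listed in the advisory: confirm with the vendor
    return "unfixed-branch"         # no fix listed for this branch: treat as affected


def hosts_needing_action(inventory):
    """Return the sorted host names whose status is anything but 'patched'."""
    return sorted(h for h, v in inventory.items() if classify(v) != "patched")


# Constructed sample inventory (hypothetical host names and versions).
SAMPLE = {
    "mon-a": "24.04.3",
    "mon-b": "23.10.5-1.el8",
    "mon-c": "23.04.9",
    "mon-d": "22.04.30",
    "mon-e": "not installed",
}

if __name__ == "__main__":
    for host, version in SAMPLE.items():
        print(f"{host}: {version} -> {classify(version)}")
```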

Remember: Early patching is crucial to avoid being exploited. Don’t wait, update now!

References:

Reported By: Nvd.nist.gov