CVE-2024-45757 in Centreon
Summary
by MITRE • 12/03/2024
An issue was discovered in Centreon centreon-bam 24.04, 23.10, 23.04, and 22.10. SQL injection can occur in the user-settings form. Exploitation is only accessible to authenticated users with high-privileged access.
Analysis
by VulDB Data Team • 06/15/2025
The vulnerability identified as CVE-2024-45757 is a critical SQL injection flaw in the centreon-bam module of the Centreon monitoring platform. It affects multiple version streams (24.04, 23.10, 23.04 and 22.10), indicating widespread exposure across the product lifecycle. The flaw manifests in the user-settings form, an administrative interface used to manage user permissions and system configuration. It stems from inadequate input validation and sanitization: user-supplied data is neither properly escaped nor passed as a bound parameter before it is incorporated into SQL statements, which gives a malicious actor a direct path to manipulate the underlying database with crafted input that bypasses normal security controls.
Exploitation requires an authenticated account with high privileges, which significantly reduces the attack surface compared with an unauthenticated flaw. That requirement does not diminish the severity of the issue: privileged accounts already hold extensive system access and can use the injection to escalate further or to extract sensitive information from the database. The attack vector is the user-settings form in which administrators configure user permissions, roles and access controls. When an authenticated, high-privileged user submits malicious data through this interface, the application fails to validate or sanitize it, and the injected SQL is executed directly against the backend database. The issue is classified under CWE-89 (Improper Neutralization of Special Elements used in an SQL Command), the Common Weakness Enumeration entry covering SQL injection, where user-provided data is incorporated into SQL commands without proper sanitization.
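The mechanism described above, string concatenation of form input into a statement versus a bound parameter, is shown below in an added example. This is illustrative code written for this page, not Centreon's own, and the user_settings table, its columns and the allowlist of setting names are assumptions; it uses an in-memory SQLite database so it runs offline. It also covers a caveat specific to settings forms: a field name that selects a column cannot be bound as a parameter, so it must be checked against an allowlist.

```python
import sqlite3

# Assumed set of setting names a user-settings form may update (not Centreon's schema).
ALLOWED_SETTING_COLUMNS = {"theme", "language", "timezone"}


def make_db() -> sqlite3.Connection:
    # Constructed sample schema and rows standing in for a user-settings table.
    conn = sqlite3.connect(":memory:")
    conn.executescript(
        """
        CREATE TABLE user_settings (
            user_id  INTEGER PRIMARY KEY,
            theme    TEXT,
            language TEXT,
            timezone TEXT
        );
        INSERT INTO user_settings VALUES (1, 'dark',  'en', 'UTC');
        INSERT INTO user_settings VALUES (2, 'light', 'fr', 'Europe/Paris');
        """
    )
    return conn


def load_settings_vulnerable(conn: sqlite3.Connection, user_id: str) -> list:
    # Vulnerable pattern (CWE-89): the form value is spliced into the statement text,
    # so quote characters in the value become part of the SQL grammar.
    sql = "SELECT user_id, theme FROM user_settings WHERE user_id = '" + user_id + "'"
    return conn.execute(sql).fetchall()


def load_settings_safe(conn: sqlite3.Connection, user_id: str) -> list:
    # Hardened form: the value is sent as a bound parameter and is never parsed as SQL,
    # whatever characters it contains.
    return conn.execute(
        "SELECT user_id, theme FROM user_settings WHERE user_id = ?", (user_id,)
    ).fetchall()


def update_setting_safe(conn: sqlite3.Connection, user_id: int, column: str, value: str) -> int:
    # Identifiers (column names) cannot be bound, so the setting name chosen in the
    # form is validated against a fixed allowlist before it is placed in the statement;
    # the value itself is still bound. Returns the number of rows updated.
    if column not in ALLOWED_SETTING_COLUMNS:
        raise ValueError(f"unknown setting: {column!r}")
    cur = conn.execute(
        f"UPDATE user_settings SET {column} = ? WHERE user_id = ?", (value, user_id)
    )
    conn.commit()
    return cur.rowcount


if __name__ == "__main__":
    db = make_db()
    # Constructed input in the shape of a tautology injection (textbook pattern).
    injected = "' OR '1'='1"
    print("vulnerable:", load_settings_vulnerable(db, injected))  # every row comes back
    print("safe:      ", load_settings_safe(db, injected))        # no row matches
    print("rows updated:", update_setting_safe(db, 1, "theme", "light"))
```

The vulnerable function returns every user's row for the injected input because the quote closes the literal and the remainder is evaluated as SQL; the safe function returns nothing for the same input because the whole string is compared as a value. The allowlist check is the part most often forgotten in settings forms, where the setting name, not just the value, originates from the request.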
The operational impact extends beyond simple data extraction: successful exploitation could allow an attacker to modify user permissions, create new administrative accounts, or delete critical system data. Because Centreon is used to monitor critical infrastructure, the consequences of unauthorized access are particularly severe. Organizations relying on Centreon for network and system monitoring could face complete compromise of their monitoring capability, potentially leading to undetected security breaches or complete service disruption. The presence of the vulnerability in multiple version streams means organizations on different maintenance cycles remain exposed, and points to a systemic weakness in input validation that requires immediate attention. Exploitation would typically involve crafted payloads that use the injection to extract database schema information, bypass authentication mechanisms, or directly manipulate user records to gain persistence in the system.
Organizations should apply the security patches provided by Centreon immediately, add input validation at the application level, and review access so that only the users who genuinely need them hold the elevated privileges required to reach the vulnerable user-settings form. Network segmentation and monitoring of administrative access patterns can help detect exploitation attempts. The vulnerability also underlines the importance of secure coding practices and proper input sanitization, as recommended by the Center for Cybersecurity and the National Institute of Standards and Technology (NIST). Regular security assessments and penetration testing should be conducted to find similar weaknesses across the whole application stack, since SQL injection remains one of the most prevalent and dangerous attack vectors in web applications according to the Open Web Application Security Project (OWASP). Organizations should additionally consider database activity monitoring solutions that can flag anomalous SQL query patterns indicative of exploitation attempts against similar vulnerabilities.
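The database activity monitoring recommended above can be illustrated with a small, added example (not part of the original advisory and not a Centreon or VulDB tool): a scanner that reads query-log lines and flags statements matching a few injection heuristics. The log format, the user and database names, and the rule set are all constructed assumptions; a production monitor would tune these rules against the real workload and baseline each administrative account's normal query mix.

```python
import re
from dataclasses import dataclass

# Constructed sample of a database query log (format assumed for this example).
SAMPLE_LOG = """\
2024-03-12T10:00:01Z user=admin db=monitoring query=SELECT theme FROM user_settings WHERE user_id = 42
2024-03-12T10:00:05Z user=admin db=monitoring query=UPDATE user_settings SET theme = 'dark' WHERE user_id = 42
2024-03-12T10:01:13Z user=admin db=monitoring query=SELECT theme FROM user_settings WHERE user_id = '' OR '1'='1'
2024-03-12T10:01:20Z user=admin db=monitoring query=SELECT theme FROM user_settings WHERE user_id = 1 UNION SELECT login FROM accounts
2024-03-12T10:01:25Z user=admin db=monitoring query=SELECT theme FROM user_settings WHERE user_id = 1; DROP TABLE user_settings
2024-03-12T10:02:00Z user=admin db=monitoring query=SELECT theme FROM user_settings WHERE user_id = 43
"""

# One log line: timestamp, user, database, then the statement text to end of line.
LINE_RE = re.compile(r"^(?P<ts>\S+) user=(?P<user>\S+) db=(?P<db>\S+) query=(?P<query>.*)$")

# Heuristic rules, evaluated in order; the first match wins for a statement.
RULES = [
    # OR x=x with matching quoting on both sides, e.g. OR 1=1 or OR '1'='1'
    ("tautology", re.compile(r"\bOR\s+(['\"]?)(\w+)\1\s*=\s*\1\2\1", re.I)),
    # a UNION spliced onto the statement to read other tables
    ("union_select", re.compile(r"\bUNION\b.*\bSELECT\b", re.I | re.S)),
    # a second, data-changing statement stacked after a semicolon
    ("stacked_statement", re.compile(r";\s*(DROP|DELETE|INSERT|UPDATE|ALTER|CREATE|GRANT)\b", re.I)),
]


@dataclass
class Finding:
    ts: str
    user: str
    rule: str
    query: str


def scan_log(text: str) -> list:
    """Return one Finding per statement that matches an injection heuristic."""
    findings = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # unparseable line; a real monitor would count these separately
        query = m["query"]
        for name, pattern in RULES:
            if pattern.search(query):
                findings.append(Finding(m["ts"], m["user"], name, query))
                break
    return findings


def count_by_user(findings: list) -> dict:
    """Number of flagged statements per account, to spot an unusual burst from one user."""
    counts = {}
    for f in findings:
        counts[f.user] = counts.get(f.user, 0) + 1
    return counts


if __name__ == "__main__":
    for f in scan_log(SAMPLE_LOG):
        print(f"{f.ts} {f.user} {f.rule}: {f.query}")
    print(count_by_user(scan_log(SAMPLE_LOG)))
```

On the constructed log the scanner flags the tautology, the UNION and the stacked DROP, and leaves the two ordinary reads and the ordinary update alone. Pattern rules of this kind are deliberately narrow; their value lies in pairing them with a per-account baseline, since a privileged account suddenly producing several flagged statements in a minute is the signal this advisory's monitoring recommendation is about.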