CVE-2025-4650

Summary

User with high privileges is able to introduce a SQLi using the Meta Service indicator page. Caused by an Improper Neutralization of Special Elements used in an SQL Command.This issue affects web: from 24.10.0 before 24.10.9, from 24.04.0 before 24.04.16, from 23.10.0 before 23.10.26.

Affected Software

VendorProductVersion RangeStatus
Centreonweb24.10.0 < 24.10.9affected
Centreonweb24.04.0 < 24.04.16affected
Centreonweb23.10.0 < 23.10.26affected

Weaknesses

  • CWE-89: CWE-89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

References