CVE-2024-45756: 
Centreon vulnerability analysis and mitigation

A SQL injection vulnerability was discovered in Centreon centreon-open-tickets affecting multiple versions (24.10.x before 24.10.0, 24.04.x before 24.04.2, 23.10.x before 23.10.1, 23.04.x before 23.04.3, and 22.10.x before 22.10.2). The vulnerability exists in the form used to create tickets, though exploitation is limited to authenticated users with high-privileged access (NVD).

The vulnerability is classified as SQL injection (CWE-89) with a CVSS v3.1 base score of 7.2 (HIGH) and vector string CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H. The issue specifically occurs in the ticket creation form functionality, where input validation is insufficient before being used in SQL queries (CERT-FR).

If exploited, this vulnerability could allow authenticated attackers with high privileges to execute arbitrary SQL commands through the ticket creation form. This could potentially lead to unauthorized data access, data manipulation, or broader system compromise (Centreon Watch).

Centreon has released fixes for all supported versions. Users should upgrade to Centreon Open Tickets 24.10.0, 24.04.2, 23.10.1, 23.04.4, or 22.10.4 depending on their current version. Before applying the patch, users should backup the folders /usr/share/centreon/www/modules/centreon-open-tickets and /usr/share/centreon/www/widgets/open-tickets to preserve any customizations (Centreon Watch).