{"id":"CVE-2024-23118","details":"Centreon updateContactHostCommands SQL Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Centreon. Authentication is required to exploit this vulnerability.\n\nThe specific flaw exists within the updateContactHostCommands function. The issue results from the lack of proper validation of a user-supplied string before using it to construct SQL queries. An attacker can leverage this vulnerability to execute code in the context of the service account. Was ZDI-CAN-22298.","aliases":["GHSA-2j4g-v4fv-rhwg"],"modified":"2026-04-09T09:58:43.777097Z","published":"2024-04-01T22:15:14.833Z","references":[{"type":"FIX","url":"https://www.zerodayinitiative.com/advisories/ZDI-24-114/"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/centreon/centreon","events":[{"introduced":"0"},{"fixed":"b0c74f195b1b48c7af9ec168db3cfbcade99da7f"},{"introduced":"65a95e7459a02268291f42ad19907b6b66f3e6e2"},{"fixed":"7da889f8f1611f0bd65bf6d798801eb7f21c00d0"},{"introduced":"272591f468f73162aa9d790799d68db86648ac2e"},{"fixed":"ae3e65aa021a2deec452742b8ff09f8f63cdd40d"},{"introduced":"755448bcd365969a97e902b856a1e5f56d80adaa"},{"fixed":"c5a9b088358a21efc8f8f7a199b89fd7ef2a3b9c"}],"database_specific":{"versions":[{"introduced":"0"},{"fixed":"22.04.19"},{"introduced":"22.10.2"},{"fixed":"22.10.17"},{"introduced":"23.04.0"},{"fixed":"23.04.13"},{"introduced":"23.10.0"},{"fixed":"23.10.5"}]}}],"versions":["centreon-awie-22.04.0","centreon-awie-22.04.1","centreon-awie-22.04.2","centreon-awie-22.04.3","centreon-awie-22.10.0","centreon-awie-23.04.0","centreon-awie-23.04.1","centreon-awie-23.10.0","centreon-dsm-22.04.0","centreon-dsm-22.04.1","centreon-dsm-22.04.2","centreon-dsm-22.10.0","centreon-dsm-22.10.1","centreon-dsm-23.04.0","centreon-dsm-23.04.1","centreon-dsm-23.04.2","centreon-dsm-23.10.0","centreon-dsm-23.10.1","centreon-dsm-23.10.2","centreon-dsm-23.10.3","centreon-dsm-23.10.4","centreon-frontend-22.04.0","centreon-frontend-22.04.1","centreon-gorgone-22.04.1","centreon-gorgone-22.04.2","centreon-gorgone-22.04.3","centreon-gorgone-22.04.4","centreon-gorgone-22.10.0","centreon-gorgone-22.10.1","centreon-gorgone-22.10.2","centreon-gorgone-22.10.3","centreon-gorgone-23.04.0","centreon-gorgone-23.04.1","centreon-gorgone-23.04.2","centreon-gorgone-23.04.3","centreon-gorgone-23.04.4","centreon-gorgone-23.04.5","centreon-gorgone-23.04.6","centreon-gorgone-23.04.7","centreon-gorgone-23.04.8","centreon-gorgone-23.04.9","centreon-gorgone-23.10.0","centreon-gorgone-23.10.1","centreon-gorgone-23.10.2","centreon-gorgone-23.10.3","centreon-gorgone-23.10.5","centreon-gorgone-23.10.6","centreon-gorgone-23.10.7","centreon-gorgone-23.10.8","centreon-gorgone-23.10.9","centreon-ha-22.04.0","centreon-ha-22.04.1","centreon-ha-22.04.2","centreon-ha-22.10.0","centreon-ha-22.10.1","centreon-ha-23.04.0","centreon-ha-23.10.0","centreon-ha-23.10.1","centreon-open-tickets-22.04.0","centreon-open-tickets-22.04.1","centreon-open-tickets-22.04.2","centreon-open-tickets-22.10.0","centreon-open-tickets-22.10.1","centreon-open-tickets-22.10.2","centreon-open-tickets-23.04.0","centreon-open-tickets-23.04.1","centreon-open-tickets-23.04.2","centreon-open-tickets-23.10.0","centreon-open-tickets-23.10.1","centreon-open-tickets-23.10.2","centreon-open-tickets-23.10.3","centreon-web-22.04.10","centreon-web-22.04.11","centreon-web-22.04.12","centreon-web-22.04.13","centreon-web-22.04.14","centreon-web-22.04.15","centreon-web-22.04.16","centreon-web-22.04.17","centreon-web-22.04.18","centreon-web-22.04.7","centreon-web-22.04.8","centreon-web-22.04.9","centreon-web-22.10.10","centreon-web-22.10.11","centreon-web-22.10.12","centreon-web-22.10.13","centreon-web-22.10.14","centreon-web-22.10.15","centreon-web-22.10.16","centreon-web-22.10.2","centreon-web-22.10.3","centreon-web-22.10.4","centreon-web-22.10.5","centreon-web-22.10.6","centreon-web-22.10.7","centreon-web-22.10.8","centreon-web-22.10.9","centreon-web-23.04.0","centreon-web-23.04.1","centreon-web-23.04.10","centreon-web-23.04.11","centreon-web-23.04.12","centreon-web-23.04.2","centreon-web-23.04.3","centreon-web-23.04.4","centreon-web-23.04.5","centreon-web-23.04.6","centreon-web-23.04.7","centreon-web-23.04.8","centreon-web-23.04.9","centreon-web-23.10.0","centreon-web-23.10.1","centreon-web-23.10.11","centreon-web-23.10.12","centreon-web-23.10.13","centreon-web-23.10.14","centreon-web-23.10.15","centreon-web-23.10.16","centreon-web-23.10.17","centreon-web-23.10.18","centreon-web-23.10.19","centreon-web-23.10.2","centreon-web-23.10.20","centreon-web-23.10.21","centreon-web-23.10.22","centreon-web-23.10.23","centreon-web-23.10.24","centreon-web-23.10.25","centreon-web-23.10.26","centreon-web-23.10.27","centreon-web-23.10.3","centreon-web-23.10.4","centreon-web-23.10.5","centreon-web-23.10.6","centreon-web-23.10.7","centreon-web-23.10.8","centreon-web-23.10.9","centreon-widget-engine-status-22.04.0","centreon-widget-engine-status-22.04.1","centreon-widget-engine-status-22.10.0","centreon-widget-engine-status-22.10.1","centreon-widget-engine-status-23.04.0","centreon-widget-engine-status-23.04.1","centreon-widget-engine-status-23.10.0","centreon-widget-global-health-22.04.0","centreon-widget-global-health-22.04.1","centreon-widget-global-health-22.10.0","centreon-widget-global-health-22.10.1","centreon-widget-global-health-23.04.0","centreon-widget-global-health-23.04.1","centreon-widget-global-health-23.10.0","centreon-widget-graph-monitoring-22.04.0","centreon-widget-graph-monitoring-22.04.1","centreon-widget-graph-monitoring-22.10.0","centreon-widget-graph-monitoring-22.10.1","centreon-widget-graph-monitoring-23.04.0","centreon-widget-graph-monitoring-23.04.2","centreon-widget-graph-monitoring-23.10.0","centreon-widget-graph-monitoring-23.10.1","centreon-widget-grid-map-22.04.0","centreon-widget-grid-map-22.10.0","centreon-widget-host-monitoring-22.04.0","centreon-widget-host-monitoring-22.04.1","centreon-widget-host-monitoring-22.10.0","centreon-widget-host-monitoring-22.10.1","centreon-widget-host-monitoring-23.04.0","centreon-widget-host-monitoring-23.04.1","centreon-widget-host-monitoring-23.10.0","centreon-widget-host-monitoring-23.10.1","centreon-widget-host-monitoring-23.10.2","centreon-widget-host-monitoring-23.10.4","centreon-widget-hostgroup-monitoring-22.04.0","centreon-widget-hostgroup-monitoring-22.04.1","centreon-widget-hostgroup-monitoring-22.10.0","centreon-widget-hostgroup-monitoring-22.10.1","centreon-widget-hostgroup-monitoring-23.04.0","centreon-widget-hostgroup-monitoring-23.04.1","centreon-widget-hostgroup-monitoring-23.10.0","centreon-widget-hostgroup-monitoring-23.10.1","centreon-widget-hostgroup-monitoring-23.10.2","centreon-widget-httploader-22.04.0","centreon-widget-httploader-22.04.1","centreon-widget-httploader-22.10.0","centreon-widget-httploader-23.04.0","centreon-widget-httploader-23.10.0","centreon-widget-live-top10-cpu-usage-22.04.0","centreon-widget-live-top10-cpu-usage-22.04.1","centreon-widget-live-top10-cpu-usage-22.10.0","centreon-widget-live-top10-cpu-usage-22.10.1","centreon-widget-live-top10-cpu-usage-23.04.0","centreon-widget-live-top10-cpu-usage-23.04.1","centreon-widget-live-top10-cpu-usage-23.10.0","centreon-widget-live-top10-cpu-usage-23.10.1","centreon-widget-live-top10-memory-usage-22.04.0","centreon-widget-live-top10-memory-usage-22.04.1","centreon-widget-live-top10-memory-usage-22.10.0","centreon-widget-live-top10-memory-usage-22.10.1","centreon-widget-live-top10-memory-usage-23.04.0","centreon-widget-live-top10-memory-usage-23.04.1","centreon-widget-live-top10-memory-usage-23.10.0","centreon-widget-live-top10-memory-usage-23.10.1","centreon-widget-ntopng-listing-22.04.0","centreon-widget-ntopng-listing-22.04.1","centreon-widget-ntopng-listing-22.10.0","centreon-widget-ntopng-listing-23.04.0","centreon-widget-ntopng-listing-23.10.0","centreon-widget-service-monitoring-22.04.0","centreon-widget-service-monitoring-22.04.1","centreon-widget-service-monitoring-22.04.2","centreon-widget-service-monitoring-22.10.0","centreon-widget-service-monitoring-22.10.2","centreon-widget-service-monitoring-22.10.3","centreon-widget-service-monitoring-23.04.0","centreon-widget-service-monitoring-23.04.1","centreon-widget-service-monitoring-23.10.0","centreon-widget-service-monitoring-23.10.1","centreon-widget-service-monitoring-23.10.2","centreon-widget-servicegroup-monitoring-22.04.0","centreon-widget-servicegroup-monitoring-22.04.1","centreon-widget-servicegroup-monitoring-22.04.2","centreon-widget-servicegroup-monitoring-22.10.0","centreon-widget-servicegroup-monitoring-22.10.1","centreon-widget-servicegroup-monitoring-23.04.0","centreon-widget-servicegroup-monitoring-23.04.1","centreon-widget-servicegroup-monitoring-23.10.0","centreon-widget-servicegroup-monitoring-23.10.1","centreon-widget-servicegroup-monitoring-23.10.3","centreon-widget-single-metric-22.04.0","centreon-widget-single-metric-22.04.1","centreon-widget-single-metric-22.10.0","centreon-widget-single-metric-22.10.1","centreon-widget-single-metric-23.04.0","centreon-widget-single-metric-23.04.1","centreon-widget-single-metric-23.10.0","centreon-widget-tactical-overview-22.04.0","centreon-widget-tactical-overview-22.04.1","centreon-widget-tactical-overview-22.10.0","centreon-widget-tactical-overview-22.10.1","centreon-widget-tactical-overview-23.04.0","centreon-widget-tactical-overview-23.04.1","centreon-widget-tactical-overview-23.10.0","js-config-22.10.4","js-config-22.4.1","js-config-22.4.2","js-config-22.4.3","js-config-22.4.5","js-config-22.4.6","ui-22.10.6","ui-22.10.7","ui-22.10.8","ui-22.4.1","ui-22.4.2","ui-22.4.3","ui-22.4.4","ui-context-22.10.2","ui-context-22.10.3","ui-context-22.10.4","ui-context-22.10.5","ui-context-22.4.1","ui-context-22.4.3","ui-context-22.4.4"],"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2024-23118.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H"}]}