Second order SQL injection available to user with low privilege

8.8 / 10

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Description

On the monitoring event logs page, it is possible to alter the http request to insert a payload in the DB. Caused by an Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Centreon web (Monitoring event logs modules) allows SQL Injection.

This issue affects web: from 24.10.0 before 24.10.9, from 24.04.0 before 24.04.16, from 23.10.0 before 23.10.26.

Basic Information

ID CVE-2025-6791

Source Centreon

Published Aug 22, 2025 at 18:56

Modified Aug 22, 2025 at 20:12

Affected Product

Vendor Centreon

Product web

Version 24.10.0

Affected Versions Centreon web 24.10.0
Centreon web 24.04.0
Centreon web 23.10.0

CWE Classification

CWE-89

References

{
    "lastseen": "",
    "description": "On the monitoring event logs page, it is possible to alter the http request to insert a payload in the DB. Caused by an Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Centreon web (Monitoring event logs modules) allows SQL Injection.\n\nThis issue affects web: from 24.10.0 before 24.10.9, from 24.04.0 before 24.04.16, from 23.10.0 before 23.10.26.",
    "published": "2025-08-22T18:56:28.027Z",
    "modified": "2025-08-22T20:12:00.289Z",
    "type": "cve",
    "title": "Second order SQL injection available to user with low privilege",
    "source": "Centreon",
    "references": "https://github.com/centreon/centreon/releases\nhttps://thewatch.centreon.com/latest-security-bulletins-64/cve-2025-6791-centreon-web-all-versions-high-severity-4900",
    "id": "CVE-2025-6791",
    "bulletinFamily": "",
    "cwe": [
        "CWE-89"
    ],
    "cvelist": null,
    "sourceData": "Centreon web 24.10.0\nCentreon web 24.04.0\nCentreon web 23.10.0",
    "sourceHref": "",
    "cvss": {
        "score": 8.8,
        "severity": "HIGH",
        "vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
        "version": "3.1"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "web",
    "version": "24.10.0",
    "vendor": "Centreon",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}

Second order SQL injection available to user with low privilege_CVE-2025-6791