{"id":"CVE-2024-55573","details":"An issue was discovered in Centreon centreon-web 24.10.x before 24.10.3, 24.04.x before 24.04.9, 23.10.x before 23.10.19, 23.04.x before 23.04.24. A user with high privileges is able to inject SQL into the form used to create virtual metrics.","modified":"2026-04-10T05:18:35.857190Z","published":"2025-01-23T23:15:08.113Z","references":[{"type":"ADVISORY","url":"https://github.com/centreon/centreon/releases"},{"type":"ADVISORY","url":"https://thewatch.centreon.com/latest-security-bulletins-64/cve-2024-55573-centreon-web-critical-severity-4264"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/centreon/centreon","events":[{"introduced":"272591f468f73162aa9d790799d68db86648ac2e"},{"fixed":"b101013703778fae34db470c4d7d4c9bb2e0988d"},{"introduced":"755448bcd365969a97e902b856a1e5f56d80adaa"},{"fixed":"fb598ff8abcb72584bfde1e36c30fe2713a92883"},{"introduced":"7b39edd9d115eabe0fae2b4bd1aded1889dbb6c3"},{"fixed":"2a2b4f298d1145f05f47bddb5522903a44e5792f"},{"introduced":"38e3f869ec4005acb857c92e3e2671bfa60879b4"},{"fixed":"111e987683bd40fdffb4d2eddc1b5a6157d5e92f"}],"database_specific":{"versions":[{"introduced":"23.04.0"},{"fixed":"23.04.24"},{"introduced":"23.10.0"},{"fixed":"23.10.19"},{"introduced":"24.04.0"},{"fixed":"24.04.9"},{"introduced":"24.10.0"},{"fixed":"24.10.3"}]}}],"versions":["centreon-awie-23.04.0","centreon-awie-23.04.1","centreon-awie-23.10.0","centreon-awie-24.04.0","centreon-awie-24.10.0","centreon-dsm-23.04.0","centreon-dsm-23.04.1","centreon-dsm-23.04.2","centreon-dsm-23.04.3","centreon-dsm-23.10.0","centreon-dsm-23.10.1","centreon-dsm-24.04.0","centreon-dsm-24.04.2","centreon-dsm-24.04.3","centreon-dsm-24.10.0","centreon-gorgone-23.04.0","centreon-gorgone-23.04.1","centreon-gorgone-23.04.10","centreon-gorgone-23.04.12","centreon-gorgone-23.04.15","centreon-gorgone-23.04.2","centreon-gorgone-23.04.3","centreon-gorgone-23.04.4","centreon-gorgone-23.04.5","centreon-gorgone-23.04.6","centreon-gorgone-23.04.7","centreon-gorgone-23.04.8","centreon-gorgone-23.04.9","centreon-gorgone-23.10.0","centreon-gorgone-23.10.1","centreon-gorgone-23.10.2","centreon-gorgone-23.10.3","centreon-gorgone-23.10.5","centreon-gorgone-23.10.6","centreon-gorgone-23.10.7","centreon-gorgone-23.10.8","centreon-gorgone-23.10.9","centreon-gorgone-24.04.0","centreon-gorgone-24.04.1","centreon-gorgone-24.04.2","centreon-ha-23.04.0","centreon-ha-23.10.0","centreon-ha-24.04.0","centreon-open-tickets-23.04.0","centreon-open-tickets-23.04.1","centreon-open-tickets-23.04.2","centreon-open-tickets-23.04.3","centreon-open-tickets-23.04.4","centreon-open-tickets-23.04.5","centreon-open-tickets-23.10.0","centreon-open-tickets-23.10.1","centreon-open-tickets-23.10.2","centreon-open-tickets-24.04.0","centreon-open-tickets-24.04.1","centreon-open-tickets-24.04.2","centreon-open-tickets-24.04.3","centreon-open-tickets-24.10.0","centreon-open-tickets-24.10.1","centreon-web-23.04.0","centreon-web-23.04.1","centreon-web-23.04.10","centreon-web-23.04.11","centreon-web-23.04.12","centreon-web-23.04.13","centreon-web-23.04.14","centreon-web-23.04.15","centreon-web-23.04.19","centreon-web-23.04.2","centreon-web-23.04.20","centreon-web-23.04.21","centreon-web-23.04.22","centreon-web-23.04.23","centreon-web-23.04.3","centreon-web-23.04.4","centreon-web-23.04.5","centreon-web-23.04.6","centreon-web-23.04.7","centreon-web-23.04.8","centreon-web-23.04.9","centreon-web-23.10.0","centreon-web-23.10.1","centreon-web-23.10.11","centreon-web-23.10.12","centreon-web-23.10.13","centreon-web-23.10.14","centreon-web-23.10.15","centreon-web-23.10.16","centreon-web-23.10.17","centreon-web-23.10.18","centreon-web-23.10.2","centreon-web-23.10.3","centreon-web-23.10.4","centreon-web-23.10.5","centreon-web-23.10.6","centreon-web-23.10.7","centreon-web-23.10.8","centreon-web-23.10.9","centreon-web-24.04.0","centreon-web-24.04.2","centreon-web-24.04.3","centreon-web-24.04.4","centreon-web-24.04.5","centreon-web-24.04.6","centreon-web-24.04.7","centreon-web-24.04.8","centreon-web-24.10.0","centreon-web-24.10.1","centreon-web-24.10.2","centreon-widget-engine-status-23.04.0","centreon-widget-engine-status-23.04.1","centreon-widget-engine-status-23.10.0","centreon-widget-global-health-23.04.0","centreon-widget-global-health-23.04.1","centreon-widget-global-health-23.10.0","centreon-widget-graph-monitoring-23.04.0","centreon-widget-graph-monitoring-23.04.2","centreon-widget-graph-monitoring-23.10.0","centreon-widget-host-monitoring-23.04.0","centreon-widget-host-monitoring-23.04.1","centreon-widget-host-monitoring-23.04.2","centreon-widget-host-monitoring-23.10.0","centreon-widget-host-monitoring-23.10.1","centreon-widget-hostgroup-monitoring-23.04.0","centreon-widget-hostgroup-monitoring-23.04.1","centreon-widget-hostgroup-monitoring-23.10.0","centreon-widget-httploader-23.04.0","centreon-widget-httploader-23.10.0","centreon-widget-live-top10-cpu-usage-23.04.0","centreon-widget-live-top10-cpu-usage-23.04.1","centreon-widget-live-top10-cpu-usage-23.10.0","centreon-widget-live-top10-memory-usage-23.04.0","centreon-widget-live-top10-memory-usage-23.04.1","centreon-widget-live-top10-memory-usage-23.10.0","centreon-widget-ntopng-listing-23.04.0","centreon-widget-ntopng-listing-23.10.0","centreon-widget-service-monitoring-23.04.0","centreon-widget-service-monitoring-23.04.1","centreon-widget-service-monitoring-23.10.0","centreon-widget-servicegroup-monitoring-23.04.0","centreon-widget-servicegroup-monitoring-23.04.1","centreon-widget-servicegroup-monitoring-23.10.0","centreon-widget-single-metric-23.04.0","centreon-widget-single-metric-23.04.1","centreon-widget-single-metric-23.10.0","centreon-widget-tactical-overview-23.04.0","centreon-widget-tactical-overview-23.04.1","centreon-widget-tactical-overview-23.10.0"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-55573.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H"}]}