CVE-2025-6791

High CVSS: 8.8

In the monitoring event logs page, it is possible to alter the http request to insert a reflect payload in the DB. Caused by an Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Centreon web (Monitoring event logs modules) allows SQL Injection.This issue affects web: 24.10.0, 24.04.0, 23.10.0.

Vendor

Centreon

Product

Centreon Web

CWE

CWE-89

Yayın Tarihi

2025-08-22 19:15:40

Güncelleme

2025-10-22 14:06:29

Source Identifier

bd4443e6-1eef-43f3-9886-25fc9ceeaae7

KEV Date Added

Kategoriler

CWE-89 Centreon Web HIGH Centreon 2025

Referanslar

https://github.com/centreon/centreon/releases https://thewatch.centreon.com/latest-security-bulletins-64/cve-2025-6791-centreon-web-all-versions-high-severity-4900

Benzer Kayıtlar

Critical

CVE-2026-2749

Vulnerability in Centreon Centreon Open Tickets on Central Server on Linux (Centroen Open Ticket modules).This issue aff…

Critical

CVE-2026-2750

Improper Input Validation vulnerability in Centreon Centreon Open Tickets on Central Server on Linux (Centreon Open Tick…

High

CVE-2026-2751

Blind SQL Injection via unsanitized array keys in Service Dependencies deletion. Vulnerability in Centreon Centreon Web…

Critical

CVE-2025-15026

Missing Authentication for Critical Function vulnerability in Centreon Infra Monitoring centreon-awie (Awie import modul…

Critical

CVE-2025-15029

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Centreon Infra Mon…

Medium

CVE-2025-12511

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Centreon In…