Home

Description

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Centreon Infra Monitoring (Awie export modules) allows SQL Injection to unauthenticated user. This issue affects Infra Monitoring: from 25.10.0 before 25.10.2, from 24.10.0 before 24.10.3, from 24.04.0 before 24.04.3.

PUBLISHED Reserved 2025-12-22 | Published 2026-01-05 | Updated 2026-01-08 | Assigner Centreon




CRITICAL: 9.8CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Problem types

CWE-89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

Product status

Default status
unaffected

25.10.0 (custom) before 25.10.2
affected

24.10.0 (custom) before 24.10.3
affected

24.04.0 (custom) before 24.04.3
affected

Credits

marceloQJ finder

References

github.com/centreon/centreon/releases

thewatch.centreon.com/...entreon-awie-critical-severity-5356 vendor-advisory

cve.org (CVE-2025-15029)

nvd.nist.gov (CVE-2025-15029)

Download JSON