CVE-2024-0637

8.8 HIGH

📋 TL;DR

This SQL injection vulnerability in Centreon's updateDirectory function allows authenticated remote attackers to execute arbitrary SQL commands, potentially leading to remote code execution. Affected installations of Centreon monitoring software are vulnerable if attackers have valid credentials. The vulnerability stems from improper input validation in SQL query construction.

💻 Affected Systems

Products:
  • Centreon
Versions: Specific affected versions not specified in provided references, but likely multiple recent versions prior to patch
Operating Systems: Linux-based systems running Centreon
Default Config Vulnerable: ⚠️ Yes
Notes: Authentication is required to exploit this vulnerability, so only systems with user accounts are vulnerable.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Full system compromise with attacker gaining service account privileges, data exfiltration, lateral movement, and persistent backdoor installation.

🟠 Likely Case

Database compromise, sensitive information disclosure, and potential privilege escalation within the Centreon application.

🟢 If Mitigated

Limited impact with proper input validation, parameterized queries, and least privilege service accounts.

🌐 Internet-Facing: HIGH
🏢 Internal Only: HIGH

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: LIKELY
Unauthenticated Exploit: ✅ No
Complexity: LOW

SQL injection vulnerabilities are well understood and easily weaponized, though the authentication requirement adds a barrier.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Check Centreon security advisories for specific patched version

Vendor Advisory: https://www.centreon.com/en/security/

Restart Required: Yes

Instructions:

1. Check current Centreon version
2. Apply latest security updates via package manager
3. Restart Centreon services
4. Verify patch application

🔧 Temporary Workarounds

Input Validation Filter (platform: all)

Implement strict input validation for directory parameters to reject SQL special characters. Implement application-level input validation in the updateDirectory function.

WAF Rule (platform: all)

Deploy web application firewall rules to block SQL injection patterns. Configure the WAF to detect and block SQL injection attempts.

🧯 If You Can't Patch

  • Implement network segmentation to isolate Centreon servers
  • Enforce strong authentication policies and monitor for suspicious login attempts

🔍 How to Verify

Check if Vulnerable:

Check Centreon version against security advisory; test with authorized SQL injection testing tools

Check Version:

centreon -v or check Centreon web interface version information

Verify Fix Applied:

Verify that the Centreon version is updated to the patched version; test that SQL injection attempts are properly blocked

📡 Detection & Monitoring

Log Indicators:

  • Unusual SQL queries in database logs
  • Multiple failed authentication attempts followed by SQL errors
  • Suspicious directory parameter values in web logs

Network Indicators:

  • SQL error messages in HTTP responses
  • Unusual database connection patterns from web server

SIEM Query:

source="centreon.log" AND ("SQL" OR "syntax" OR "updateDirectory")
