diff --git a/www/include/configuration/configObject/service_template_model/listServiceTemplateModel.php b/www/include/configuration/configObject/service_template_model/listServiceTemplateModel.php
index a2356198567..cc9cddbba3e 100644
--- a/www/include/configuration/configObject/service_template_model/listServiceTemplateModel.php
+++ b/www/include/configuration/configObject/service_template_model/listServiceTemplateModel.php
@@ -77,22 +77,22 @@
 //Service Template Model list
 if ($search) {
-    $query = "SELECT SQL_CALC_FOUND_ROWS sv.service_id, sv.service_description, sv.service_alias, " .
-        "sv.service_activate, sv.service_template_model_stm_id " .
-        "FROM service sv " .
-        "WHERE (sv.service_description LIKE '%" . $search . "%' OR sv.service_alias LIKE '%" . $search . "%') " .
+    $statement = $pearDB->prepare("SELECT SQL_CALC_FOUND_ROWS sv.service_id, sv.service_description," .
+        " sv.service_alias, sv.service_activate, sv.service_template_model_stm_id FROM service sv " .
+        "WHERE (sv.service_description LIKE :search OR sv.service_alias LIKE :search) " .
         "AND sv.service_register = '0' " . $lockedFilter .
-        "ORDER BY service_description LIMIT " . $num * $limit . ", " . $limit;
+        "ORDER BY service_description LIMIT :offset, :limit");
+    $statement->bindValue(':search', '%' . $search . '%', \PDO::PARAM_STR);
 } else {
-    $query = "SELECT SQL_CALC_FOUND_ROWS sv.service_id, sv.service_description, sv.service_alias, " .
-        "sv.service_activate, sv.service_template_model_stm_id " .
-        "FROM service sv " .
-        "WHERE sv.service_register = '0' " .
-        $lockedFilter .
-        "ORDER BY service_description LIMIT " . $num * $limit . ", " . $limit;
+    $statement = $pearDB->prepare("SELECT SQL_CALC_FOUND_ROWS sv.service_id, sv.service_description," .
+        " sv.service_alias, sv.service_activate, sv.service_template_model_stm_id FROM service sv " .
+        "WHERE sv.service_register = '0' " . $lockedFilter .
+        "ORDER BY service_description LIMIT :offset, :limit");
 }
-$dbResult = $pearDB->query($query);
+$statement->bindValue(':limit', (int) $limit, \PDO::PARAM_INT);
+$statement->bindValue(':offset', (int) $num * (int) $limit, \PDO::PARAM_INT);
+$statement->execute();
 $rows = $pearDB->query("SELECT FOUND_ROWS()")->fetchColumn();
 include "./include/common/checkPagination.php";
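Review bot: The `:search` named placeholder is bound once but appears twice in the prepared statement (`sv.service_description LIKE :search OR sv.service_alias LIKE :search`); PDO only permits reusing a named marker when `PDO::ATTR_EMULATE_PREPARES` is enabled, so under native MySQL prepares `execute()` fails with an invalid-parameter-number error. Unless `$pearDB` is known to run in emulation mode, use two distinct markers, e.g. `"WHERE (sv.service_description LIKE :searchDescription OR sv.service_alias LIKE :searchAlias) "`, and bind `'%' . $search . '%'` to each. Separately, `$search` is now protected from SQL injection but still carries LIKE wildcards (`%`, `_`) verbatim, so a request can widen the match arbitrarily; if that is not intended, bind `'%' . addcslashes($search, '%_\\') . '%'` instead. `$lockedFilter` is still string-concatenated into the query, which is acceptable only while it stays a fixed fragment chosen by server-side logic and never derived from request data — worth a comment at its definition, which lies outside this hunk.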
@@ -137,7 +137,7 @@
 $centreonToken = createCSRFToken();
-for ($i = 0; $service = $dbResult->fetch(); $i++) {
+for ($i = 0; $service = $statement->fetch(); $i++) {
     $moptions = "";
     $selectedElements = $form->addElement('checkbox', "select[" . $service['service_id'] . "]");
     if (isset($lockedElements[$service['service_id']])) {