CVE-2022-3827

Published: Nov 2, 2022Modified: Nov 21, 2024

9.8

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Exploitability: 3.9 / Impact: 5.9

Source: NVD

Description

A vulnerability was found in centreon. It has been declared as critical. This vulnerability affects unknown code of the file formContactGroup.php of the component Contact Groups Form. The manipulation of the argument cg_id leads to sql injection. The attack can be initiated remotely. The name of the patch is 293b10628f7d9f83c6c82c78cf637cbe9b907369. It is recommended to apply a patch to fix this issue. VDB-212794 is the identifier assigned to this vulnerability.

Affected (1)

Products: Centreon: Centreon

1 product

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Centreon Centreon	Before 22.10.0

Related CWEs

Improper Neutralization

The product does not ensure or incorrectly ensures that structured messages or data are well-formed and that certain security properties are met before being read from an upstream component or sent to a downstream component.

References (6)

https://github.com/centreon/centreon/commit/293b10628f7d9f83c6c82c78cf637cbe9b907369

Source: cna@vuldb.com

PatchThird Party Advisory

https://github.com/centreon/centreon/pull/11869

Source: cna@vuldb.com

Issue TrackingPatchThird Party Advisory

https://vuldb.com/?id.212794

Source: cna@vuldb.com

Third Party Advisory

https://github.com/centreon/centreon/commit/293b10628f7d9f83c6c82c78cf637cbe9b907369

Source: af854a3a-2127-422b-91ae-364da2661108

PatchThird Party Advisory

https://github.com/centreon/centreon/pull/11869

Source: af854a3a-2127-422b-91ae-364da2661108

Issue TrackingPatchThird Party Advisory

https://vuldb.com/?id.212794

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

Timeline

No history available yet.