CVE-2025-3872

216.73.216.6

· Published 24/04/2025 10:15 · Modified 24/04/2025 10:15

Labels: CVE-2025-3872 2025-04-24 CVE-2025-3872 CWE-89 bd4443e6-1eef-43f3-9886-25fc9ceeaae7

Essential information

Published: 24/04/2025 10:15
Modified: 24/04/2025 10:15
Author: —
Creator: —
CVSS: 7.2 HIGH (v3.1)
CISA KEV: No
CWE: —
CVSS vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

CVSS metrics

Description

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Centreon centreon-web (User configuration form modules) allows SQL Injection. A user with high privileges is able to become administrator by intercepting the contact form request and altering its payload. This issue affects Centreon: from 22.10.0 before 22.10.28, from 23.04.0 before 23.04.25, from 23.10.0 before 23.10.20, from 24.04.0 before 24.04.10, from 24.10.0 before 24.10.4.

NVD status

Status: Received — CVE has been recently published to the CVE List and has been received by the NVD.
Source: bd4443e6-1eef-43f3-9886-25fc9ceeaae7
NVD: View on NVD

Affected products (CPE)

Product	CPE
centreon / centreon	`cpe:2.3:a:centreon:centreon::22.10.0-22.10.28::::::*`
centreon / centreon	`cpe:2.3:a:centreon:centreon::23.04.0-23.04.25::::::*`
centreon / centreon	`cpe:2.3:a:centreon:centreon::23.10.0-23.10.20::::::*`
centreon / centreon	`cpe:2.3:a:centreon:centreon::24.04.0-24.04.10::::::*`
centreon / centreon	`cpe:2.3:a:centreon:centreon::24.10.0-24.10.4::::::*`