PT-2021-17730 · Centreon · Centreon Platform, Centreon Web

Published: 2021-07-16 · Updated: 2026-01-20 · CVE-2021-28053
CVSS v3.1: 8.8 (High)
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions: Centreon Platform version 20.10.0
Description: A SQL injection issue was found in Centreon-Web, part of the Centreon Platform. This allows remote authenticated users to execute arbitrary SQL commands via the Additional Information parameters in the "Configuration > Users > Contacts / Users" section.
Recommendations: For Centreon Platform version 20.10.0, as a temporary workaround, consider restricting access to the "Configuration > Users > Contacts / Users" section until a patch is available. Avoid using the Additional Information parameters in this section until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

SQL injection

Weakness Enumeration

Related Identifiers

CVE-2021-28053

Affected Products

Centreon Platform
Centreon Web