PT-2022-24325 · Centreon · Centreon

Hyahiaoui-Ext

Published

2022-11-02

Updated

2022-11-04

CVE-2022-3827

CVSS v3.1

9.8

Critical

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Centreon versions prior to 22.10.0-beta1

Description A critical issue has been identified, affecting the Contact Groups Form component, specifically the file formContactGroup.php. The manipulation of the cg id argument leads to SQL injection. This issue can be exploited remotely.

Recommendations For versions prior to 22.10.0-beta1, apply the patch to fix this issue. As a temporary workaround, consider restricting access to the formContactGroup.php file or the Contact Groups Form component until the patch is applied. Avoid using the cg id argument in the affected component until the issue is resolved.

Fix

Improper Neutralization

SQL injection

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-707CWE-89

Related Identifiers

CVE-2022-3827

GHSA-J5WX-JVW3-J363

Affected Products

Centreon

PT-2022-24325 · Centreon · Centreon

CVE-2022-3827

Weakness Enumeration

Related Identifiers

Affected Products

References · 7