CVE-2022-3827

EPSS 0.36%
Veröffentlicht 02.11.2022 13:15:18
Zuletzt bearbeitet 21.11.2024 07:20:19
Quelle cna@vuldb.com
CVE-Watchlists
Login
Unerledigt
Login

A vulnerability was found in centreon. It has been declared as critical. This vulnerability affects unknown code of the file formContactGroup.php of the component Contact Groups Form. The manipulation of the argument cg_id leads to sql injection. The attack can be initiated remotely. The name of the patch is 293b10628f7d9f83c6c82c78cf637cbe9b907369. It is recommended to apply a patch to fix this issue. VDB-212794 is the identifier assigned to this vulnerability.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 6

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Centreon ≫ Centreon Version < 22.10.0

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.36%	0.578

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	9.8	3.9	5.9	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
cna@vuldb.com	6.3	2.8	3.4	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

CWE-707 Improper Neutralization

The product does not ensure or incorrectly ensures that structured messages or data are well-formed and that certain security properties are met before being read from an upstream component or sent to a downstream component.

https://github.com/centreon/centreon/commit/293b10628f7d9f83c6c82c78cf637cbe9b907369

Patch

Third Party Advisory

https://github.com/centreon/centreon/pull/11869

Patch

Third Party Advisory

Issue Tracking

https://vuldb.com/?id.212794

Third Party Advisory

https://nvd.nist.gov/vuln/detail/CVE-2022-3827

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2022-3827

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2022-3827

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2022-3827