7.2
CVE-2025-12514
- EPSS 0.02%
- Veröffentlicht 22.12.2025 10:59:18
- Zuletzt bearbeitet 26.01.2026 15:52:38
- Quelle bd4443e6-1eef-43f3-9886-25fc9c
- CVE-Watchlists
- Unerledigt
LoginImproper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Centreon Infra Monitoring - Open-tickets (Notification rules configuration parameters, Open tickets modules) allows
SQL Injection to user with elevated privileges.This issue affects Infra Monitoring - Open-tickets: from 24.10.0 before 24.10.5, from 24.04.0 before 24.04.5, from 23.10.0 before 23.10.4.Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Centreon ≫ Open Tickets Version >= 23.10.0 < 23.10.4
Centreon ≫ Open Tickets Version >= 24.04.0 < 24.04.5
Centreon ≫ Open Tickets Version >= 24.10.0 < 24.10.5
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.02% | 0.026 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| bd4443e6-1eef-43f3-9886-25fc9ceeaae7 | 7.2 | 1.2 | 5.9 |
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
|
CWE-89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data.