7.2
CVE-2025-4650
- EPSS 0.04%
- Published 22.08.2025 18:50:42
- Last modified 22.10.2025 14:05:53
- Source bd4443e6-1eef-43f3-9886-25fc9c
User with high privileges is able to introduce a SQLi using the Meta Service indicator page. Caused by an Improper Neutralization of Special Elements used in an SQL Command. This issue affects web: from 24.10.0 before 24.10.9, from 24.04.0 before 24.04.16, from 23.10.0 before 23.10.26.
Data provided by the National Vulnerability Database (NVD)
Centreon ≫ Centreon Web Version >= 23.10.0 < 23.10.26
Centreon ≫ Centreon Web Version >= 24.04.0 < 24.04.16
Centreon ≫ Centreon Web Version >= 24.10.0 < 24.10.9
| Type | Source | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.04% | 0.125 |

| Source | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| bd4443e6-1eef-43f3-9886-25fc9ceeaae7 | 7.2 | 1.2 | 5.9 | CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H |
CWE-89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data.