CVE ID : CVE-2025-3872
Published : April 24, 2025, 10:15 a.m. | 28 minutes ago
Description : Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in Centreon centreon-web (User configuration form modules) allows SQL Injection.
A user with high privileges is able to become administrator by intercepting the contact form request and altering its payload.
This issue affects Centreon: from 22.10.0 before 22.10.28, from 23.04.0 before 23.04.25, from 23.10.0 before 23.10.20, from 24.04.0 before 24.04.10, from 24.10.0 before 24.10.4.
Severity: 7.2 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more…
Source: Read More