- Description
- Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Centreon centreon-web (User configuration form modules) allows SQL Injection. A user with high privileges is able to become administrator by intercepting the contact form request and altering its payload. This issue affects Centreon: from 22.10.0 before 22.10.28, from 23.04.0 before 23.04.25, from 23.10.0 before 23.10.20, from 24.04.0 before 24.04.10, from 24.10.0 before 24.10.4.
- Source
- bd4443e6-1eef-43f3-9886-25fc9ceeaae7
- NVD status
- Awaiting Analysis
CVSS 3.1
- Type
- Secondary
- Base score
- 7.2
- Impact score
- 5.9
- Exploitability score
- 1.2
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
- Severity
- HIGH
- bd4443e6-1eef-43f3-9886-25fc9ceeaae7
- CWE-89
- Hype score
- Not currently trending
🚨 CVE-2025-3872 🔴 HIGH (7.2) 🏢 Centreon - Centreon 🏗️ 22.10.0 🔗 https://t.co/Wt2BQa8zfX 🔗 https://t.co/GpQ3fjqPRS #CyberCron #VulnAlert #InfoSec https://t.co/OGqCaNfRJd
@cybercronai
24 Apr 2025
22 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
New post from https://t.co/uXvPWJy6tj (CVE-2025-3872 | Centreon Web up to 22.10.27/23.04.24/23.10.19/24.04.9/24.10.3 User Configuration Form Module sql injection) has been published on https://t.co/Dc7hLs3Q8V
@WolfgangSesin
24 Apr 2025
16 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CVE-2025-3872 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Centreon centreon-web (User configuration form modules) allows SQL… https://t.co/s3JXz8uPy4
@CVEnew
24 Apr 2025
377 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes