CVE-2022-3827

MEDIUM

centreon - SQL Injection

Title source: llm

Description

A vulnerability was found in centreon. It has been declared as critical. This vulnerability affects unknown code of the file formContactGroup.php of the component Contact Groups Form. The manipulation of the argument cg_id leads to sql injection. The attack can be initiated remotely. The name of the patch is 293b10628f7d9f83c6c82c78cf637cbe9b907369. It is recommended to apply a patch to fix this issue. VDB-212794 is the identifier assigned to this vulnerability.

References (3)

[Patch, Third Party Advisory] https://github.com/centreon/centreon/commit/293b10628f7d9f83c6c82c78cf637cbe9b907369

View Patch ZIP pw:eip

[Issue Tracking, Patch, Third Party Advisory] https://github.com/centreon/centreon/pull/11869

[Third Party Advisory] https://vuldb.com/?id.212794

Scores

CVSS v3 6.3

EPSS 0.0038

EPSS Percentile 59.7%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact partial

Details

CWE

CWE-707

Status published

Products (2)

centreon/centreon < 22.10.0

centreon/centreon 0 - 22.10.0-beta1Packagist

Published Nov 02, 2022

Tracked Since Feb 18, 2026