CVE-2022-34871: Centreon Poller Resource SQL Injection Privilege Escalation Vulnerability
First published: Wed Aug 03 2022(Updated: )
This vulnerability allows remote attackers to escalate privileges on affected installations of Centreon. Authentication is required to exploit this vulnerability. The specific flaw exists within the configuration of poller resources. The issue results from the lack of proper validation of a user-supplied string before using it to construct SQL queries. An attacker can leverage this vulnerability to escalate privileges to the level of an administrator. Was ZDI-CAN-16335.
Credit: zdi-disclosures@trendmicro.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Centreon Centreon | =21.10.2 | |
| Centreon Centreon |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the vulnerability ID for this vulnerability?
The vulnerability ID for this vulnerability is CVE-2022-34871.
What is the title of this vulnerability?
The title of this vulnerability is Centreon Poller Resource SQL Injection Privilege Escalation Vulnerability.
What is the severity rating of CVE-2022-34871?
The severity rating of CVE-2022-34871 is high with a score of 7.2.
What software is affected by CVE-2022-34871?
Centreon Centreon version 21.10.2 is affected by CVE-2022-34871.
Is authentication required to exploit CVE-2022-34871?
Yes, authentication is required to exploit CVE-2022-34871.
- collector/nvd-index
- collector/zdi-advisory
- alias/ZDI-22-953
- alias/ZDI-CAN-16335
- alias/CVE-2022-34871
- vendor/centreon
- canonical/centreon centreon
- version/centreon centreon/21.10.2