CVE-2022-3827: SQL Injection
First published: Wed Nov 02 2022(Updated: )
A vulnerability was found in centreon. It has been declared as critical. This vulnerability affects unknown code of the file formContactGroup.php of the component Contact Groups Form. The manipulation of the argument cg_id leads to sql injection. The attack can be initiated remotely. The name of the patch is 293b10628f7d9f83c6c82c78cf637cbe9b907369. It is recommended to apply a patch to fix this issue. VDB-212794 is the identifier assigned to this vulnerability.
Credit: cna@vuldb.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Centreon Centreon | <22.10.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2022-3827?
The severity of CVE-2022-3827 is critical with a severity value of 9.8.
How does CVE-2022-3827 affect centreon?
CVE-2022-3827 affects centreon by allowing remote attackers to initiate a SQL injection attack through manipulation of the 'cg_id' argument in the 'formContactGroup.php' file of the Contact Groups Form component.
What is the affected software version of CVE-2022-3827?
The affected software version of CVE-2022-3827 is up to exclusive version 22.10.0 of centreon.
How can I fix CVE-2022-3827?
To fix CVE-2022-3827, it is recommended to update centreon to a version that includes the fix described in the provided references.
What is the Common Weakness Enumeration (CWE) of CVE-2022-3827?
The Common Weakness Enumeration (CWE) of CVE-2022-3827 includes CWE-89 (SQL Injection), CWE-707 (Improper Enforcement of Message Integrity During Transmission in a Communication Channel), and CWE-74 (Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection'))
- collector/nvd-index
- vendor/centreon
- canonical/centreon centreon