Unrated severityNVD Advisory· Published Apr 24, 2025· Updated Apr 24, 2025
Privilege escalation by altering payload in contact form
CVE-2025-3872
Description
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Centreon centreon-web (User configuration form modules) allows SQL Injection.
A user with high privileges is able to become administrator by intercepting the contact form request and altering its payload.
This issue affects Centreon: from 22.10.0 before 22.10.28, from 23.04.0 before 23.04.25, from 23.10.0 before 23.10.20, from 24.04.0 before 24.04.10, from 24.10.0 before 24.10.4.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2>=22.10.0 <22.10.28 || >=23.04.0 <23.04.25 || >=23.10.0 <23.10.20 || >=24.04.0 <24.04.10 || >=24.10.0 <24.10.4+ 1 more
- (no CPE)range: >=22.10.0 <22.10.28 || >=23.04.0 <23.04.25 || >=23.10.0 <23.10.20 || >=24.04.0 <24.04.10 || >=24.10.0 <24.10.4
- (no CPE)range: 22.10.0
Patches
Vulnerability mechanics
References
2- thewatch.centreon.com/latest-security-bulletins-64/cve-2024-55571-centreon-web-high-severity-4496mitrevendor-advisory
- github.com/centreon/centreon/releasesmitrerelease-notes
News mentions
0No linked articles in our index yet.