VYPR
Unrated severityNVD Advisory· Published Apr 24, 2025· Updated Apr 24, 2025

Privilege escalation by altering payload in contact form

CVE-2025-3872

Description

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Centreon centreon-web (User configuration form modules) allows SQL Injection.

A user with high privileges is able to become administrator by intercepting the contact form request and altering its payload.

This issue affects Centreon: from 22.10.0 before 22.10.28, from 23.04.0 before 23.04.25, from 23.10.0 before 23.10.20, from 24.04.0 before 24.04.10, from 24.10.0 before 24.10.4.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

2
  • Centreon/Centreonllm-fuzzy2 versions
    >=22.10.0 <22.10.28 || >=23.04.0 <23.04.25 || >=23.10.0 <23.10.20 || >=24.04.0 <24.04.10 || >=24.10.0 <24.10.4+ 1 more
    • (no CPE)range: >=22.10.0 <22.10.28 || >=23.04.0 <23.04.25 || >=23.10.0 <23.10.20 || >=24.04.0 <24.04.10 || >=24.10.0 <24.10.4
    • (no CPE)range: 22.10.0

Patches

Vulnerability mechanics

References

2

News mentions

0

No linked articles in our index yet.