Lucene search
China National Vulnerability DatabaseCNVD-2022-66770HistorySep 28, 2022 - 12:00 a.m.
Centreon SQL Injection Vulnerability (CNVD-2022-66770)
2022-09-2800:00:00
China National Vulnerability Database
www.cnvd.org.cn
9
centreon
sql injection
v20.10.18
escalation name
configuration
notifications
escalations
validation
attacker
sensitive data
sql commands
0.001 Low
EPSS
Percentile
36.9%
Centreon (Merethis Centreon) is a set of open source system monitoring tools from the French company Centreon . A SQL injection vulnerability exists in Centreon v20.10.18, which stems from the esc_name (Escalation Name) parameter of its Configuration/Notifications/Escalations component Lack of validation of externally entered SQL statements. An attacker could use this vulnerability to execute illegal SQL commands to steal sensitive database data.
| CPE | Name | Operator | Version |
|---|---|---|---|
| centreon centreon v | eq | 20.10.18 |
Related
cve
cve
CVE-2022-40043
2022-09-26 16:15:13
osv
osv
Centreon SQL Injection vulnerability via esc_name parameter
2022-09-27 00:00:20
veracode
veracode
SQL Injection
2022-09-27 06:24:12
github
github
Centreon SQL Injection vulnerability via esc_name parameter
2022-09-27 00:00:20
nvd
nvd
CVE-2022-40043
2022-09-26 16:15:13
cvelist
cvelist
CVE-2022-40043
2022-09-26 15:38:17
prion
prion
Sql injection
2022-09-26 16:15:00