2 matches found
CVE-2025-3872
CVE-2025-3872 is an SQL Injection vulnerability in Centreon centreon-web (User configuration form modules) that allows a high-privilege user to elevate to administrator by tampering the contact form payload. The issue affects Centreon Web versions listed by PT-Security (22.10.0–27, 23.04.0–23.04....
CVE-2025-3872 Privilege escalation by altering payload in contact form
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Centreon centreon-web User configuration form modules allows SQL Injection. A user with high privileges is able to become administrator by intercepting the contact form request and altering its...