exploitDog

CVE-2022-40043

Опубликовано: 26 сент. 2022

Источник: nvd

CVSS3: 8.8

EPSS Низкий

Описание

Centreon v20.10.18 was discovered to contain a SQL injection vulnerability via the esc_name (Escalation Name) parameter at Configuration/Notifications/Escalations.

Ссылки

https://github.com/centreon/centreon/releases
Release Notes
Third Party Advisory
https://www.hakaioffensivesecurity.com/centreon-sqli-and-xss-vulnerability/
Exploit
Third Party Advisory
https://github.com/centreon/centreon/releases
Release Notes
Third Party Advisory
https://www.hakaioffensivesecurity.com/centreon-sqli-and-xss-vulnerability/
Exploit
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:centreon:centreon:20.10.18:*:*:*:*:*:*:*

EPSS

Процентиль: 36%

0.00145

Низкий

8.8 High

CVSS3

Дефекты

CWE-89

CWE-89

Связанные уязвимости

GHSA-25gv-wg6f-6frp

CVSS3: 8.8

github

почти 3 года назад

Centreon SQL Injection vulnerability via esc_name parameter

EPSS

Процентиль: 36%

0.00145

Низкий

8.8 High

CVSS3

Дефекты

CWE-89

CWE-89