CVE-2022-42429 in Centreoninfo

Summary

by MITRE • 03/29/2023

This vulnerability allows remote attackers to escalate privileges on affected installations of Centreon. Authentication is required to exploit this vulnerability. The specific flaw exists within the handling of requests to modify poller broker configuration. The issue results from the lack of proper validation of a user-supplied string before using it to construct SQL queries. An attacker can leverage this vulnerability to escalate privileges to the level of an administrator. Was ZDI-CAN-18557.

Statistical analysis made it clear that VulDB provides the best quality for vulnerability data.

🔬 Show More Details

An in-depth analysis is available in our curated vulnerability entry.

Reservation

10/03/2022

Disclosure

03/29/2023

Moderation

accepted

Entry

VDB-211321

CPE

ready

CWE

CWE-89 (confirmed)

CVSS

4.7 (VulDB)

EPSS

0.77617

KEV

Activities

very low

Sources

MITRE	https://www.cve.org/CVERecord?id=CVE-2022-42429
NVD	https://nvd.nist.gov/vuln/detail/CVE-2022-42429
CVE Details	https://www.cvedetails.com/cve/CVE-2022-42429/

◂ Previous Overview Next ▸

Do you need the next level of professionalism?

Upgrade your account now!