Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Centreon centreon-web (User configuration form modules) allows SQL Injection.
A user with high privileges is able to become administrator by intercepting the contact form request and altering its payload.
This issue affects Centreon: from 22.10.0 before 22.10.28, from 23.04.0 before 23.04.25, from 23.10.0 before 23.10.20, from 24.04.0 before 24.04.10, from 24.10.0 before 24.10.4.
{
"osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/3xxx/CVE-2025-3872.json",
"cna_assigner": "Centreon",
"cwe_ids": [
"CWE-89"
]
}
{
"versions": [
{
"introduced": "22.10.0"
},
{
"fixed": "22.10.28"
}
]
}
{
"versions": [
{
"introduced": "23.04.0"
},
{
"fixed": "23.04.25"
}
]
}
{
"versions": [
{
"introduced": "23.10.0"
},
{
"fixed": "23.10.20"
}
]
}