Candidate: CVE-2020-22425
PublicDate: 2021-02-15 18:15:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-22425
 https://code610.blogspot.com/2020/04/postauth-sqli-in-centreon-1910-1el7.html
 https://github.com/c610/free/
 https://github.com/c610/free/blob/master/Postauth%20SQLi%20in%20Centreon%2019.10-3.el7.pdf
Description:
 Centreon 19.10-3.el7 is affected by a SQL injection vulnerability, where an
 authorized user is able to inject additional SQL queries to perform remote
 command execution.
Ubuntu-Description:
Notes:
Mitigation:
Bugs:
Priority: medium
Discovered-by: Cody Sixteen
Assigned-to:
CVSS:
 nvd: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H [8.8 HIGH]


Patches_centreon-engine:
upstream_centreon-engine: needs-triage
precise/esm_centreon-engine: DNE
trusty_centreon-engine: ignored (out of standard support)
trusty/esm_centreon-engine: DNE
xenial_centreon-engine: DNE
bionic_centreon-engine: DNE
focal_centreon-engine: needs-triage
groovy_centreon-engine: ignored (reached end-of-life)
hirsute_centreon-engine: ignored (reached end-of-life)
impish_centreon-engine: needs-triage
jammy_centreon-engine: DNE
devel_centreon-engine: DNE