CVSS Score

| Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
|---|---|---|---|
| centreon/centreon | composer | >= 18.0.0, < 18.10.0 | 18.10.0 |
| centreon/centreon | composer | >= 2.8.0, < 2.8.24 | 2.8.24 |
The vulnerability stems from unsanitized handling of the `searchVM` parameter in the Virtual Metrics functionality. The release notes for both patched versions explicitly mention SQL injection fixes in Virtual Metrics components, via PRs #6628 and #6257. While the exact code changes aren't visible, the pattern of SQL injection fixes in this context strongly suggests that the vulnerable function built SQL queries by concatenating the `searchVM` input into the query text. The medium confidence reflects the lack of direct code access, but the specific component references in the release notes provide strong circumstantial evidence.
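The query-building pattern described above, shown as an added illustration rather than Centreon's own code: a hypothetical `virtual_metrics` table (constructed here in an in-memory SQLite database through PDO) is searched with a user-supplied `searchVM` value, first by interpolating the value into the SQL text, then by binding it as a prepared-statement parameter. The table name, column names and function names are assumptions for the example, not identifiers from the project.

```php
<?php
// Added example; not code from Centreon. Runs stand-alone with `php` and the pdo_sqlite extension.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);

// Constructed sample data for a hypothetical virtual-metrics table.
$pdo->exec('CREATE TABLE virtual_metrics (vmetric_id INTEGER PRIMARY KEY, vmetric_name TEXT)');
$pdo->exec("INSERT INTO virtual_metrics (vmetric_name) VALUES ('cpu_total'), ('disk_io'), ('o''brien_latency')");

// Vulnerable pattern: the search term becomes part of the SQL text itself,
// so any quote character in the input changes the structure of the query.
function searchVirtualMetricsUnsafe(PDO $pdo, string $searchVM): array
{
    $sql = "SELECT vmetric_name FROM virtual_metrics WHERE vmetric_name LIKE '%" . $searchVM . "%'";
    return $pdo->query($sql)->fetchAll(PDO::FETCH_COLUMN);
}

// Hardened pattern: the SQL text is fixed; the term travels as a bound parameter.
// LIKE wildcards in the input are escaped so they cannot widen the match either.
function searchVirtualMetricsSafe(PDO $pdo, string $searchVM): array
{
    $stmt = $pdo->prepare(
        "SELECT vmetric_name FROM virtual_metrics WHERE vmetric_name LIKE :pattern ESCAPE '\\'"
    );
    $escaped = addcslashes($searchVM, '%_\\');
    $stmt->execute([':pattern' => '%' . $escaped . '%']);
    return $stmt->fetchAll(PDO::FETCH_COLUMN);
}

// Constructed input containing an ordinary apostrophe, as a real metric name might.
$input = "o'brien";

try {
    searchVirtualMetricsUnsafe($pdo, $input);
} catch (PDOException $e) {
    // The apostrophe terminates the string literal and the query no longer parses:
    // the same mechanism an attacker relies on, surfacing here as a plain syntax error.
    echo "unsafe query broke on a quote: " . $e->getMessage() . "\n";
}

// The prepared statement treats the apostrophe as data and returns the matching row.
print_r(searchVirtualMetricsSafe($pdo, $input));
```

In a code review of a search handler like this, the signal to look for is the first function's shape: request input joined into the SQL string with `.` or string interpolation. A database error triggered by a single quote in a search field is the same defect seen from the application log, which makes such errors worth alerting on rather than suppressing.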