| Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
|---|---|---|---|
| centreon/centreon | composer | < 22.10.15 | 22.10.15 |

The vulnerability description explicitly identifies `updateContactServiceCommands` as the flawed function. The GitHub patch shows escaping added to template fields (`RowMenu_name`, `RowMenu_desc`, `RowMenu_parent`) that likely feed into SQL queries via this function. While the direct PHP code for `updateContactServiceCommands` isn't shown, the combination of (1) explicit CVE/ZDI attribution to this function, (2) the SQL Injection (CWE-89) context, and (3) the template escaping fixes strongly implies these fields were vulnerable inputs processed by the function without proper SQL sanitization.