Wiz
Vulnerability DatabaseCVE-2022-3827

CVE-2022-3827
PHP vulnerability analysis and mitigation

Overview

CVE-2022-3827 is a critical SQL injection vulnerability discovered in Centreon's contact groups form functionality, specifically affecting versions prior to 22.10.0-beta1. The vulnerability was found in the formContactGroup.php file of the application (FortiGuard Labs).

Technical details

The vulnerability exists in the contact groups form functionality where user input was not properly sanitized in SQL queries. The issue specifically occurred in the formContactGroup.php file where raw SQL queries were being executed without proper parameter binding (GitHub Commit). The vulnerability is classified as CWE-89 (SQL Injection) (FortiGuard Labs).

Impact

If exploited, this SQL injection vulnerability could allow an attacker to execute arbitrary SQL commands on the underlying database, potentially leading to unauthorized access, data manipulation, or exposure of sensitive information from the Centreon system (FortiGuard Labs).

Mitigation and workarounds

The recommended mitigation is to upgrade Centreon to version 22.10.0-beta1 or later. The fix involves implementing proper SQL parameter binding in the affected code, as demonstrated in the patch which replaces direct string concatenation with prepared statements (GitHub Commit).

Additional resources

SourceThis report was generated using AI

Related PHP vulnerabilities:

CVE ID

Severity

Score

Technologies

Component name

CISA KEV exploit

Has fix

Published date

CVE-2025-13828CRITICAL9
  • PHPPHP
  • mautic/core
NoYesDec 02, 2025
CVE-2025-13827HIGH8.8
  • PHPPHP
  • mautic/grapes-js-builder-bundle
NoYesDec 02, 2025
CVE-2025-66312MEDIUM6.2
  • PHPPHP
  • getgrav/grav
NoYesDec 01, 2025
CVE-2025-66311MEDIUM6.2
  • PHPPHP
  • getgrav/grav
NoYesDec 01, 2025
CVE-2025-66310MEDIUM6.2
  • PHPPHP
  • getgrav/grav
NoYesDec 01, 2025

Free Vulnerability Assessment

Benchmark your Cloud Security Posture

Evaluate your cloud security practices across 9 security domains to benchmark your risk level and identify gaps in your defenses.

Request assessment

Additional Wiz resources

Cloud Vulnerability DB

Cloud Vulnerability DB

A community-led vulnerabilities database

Cloud Threat Landscape

Cloud Threat Landscape

A threat intelligence database

PEACH

PEACH

A tenant isolation framework

Get a personalized demo

Ready to see Wiz in action?

"Best User Experience I have ever seen, provides full visibility to cloud workloads."
David EstlickCISO
"Wiz provides a single pane of glass to see what is going on in our cloud environments."
Adam FletcherChief Security Officer
"We know that if Wiz identifies something as critical, it actually is."
Greg PoniatowskiHead of Threat and Vulnerability Management
Get a demo