Django REST framework

Package Instance

Lookup for vulnerable packages by Package URL.

Purlpkg:composer/centreon/centreon@22.4.6
Typecomposer
Namespacecentreon
Namecentreon
Version22.4.6
Qualifiers
Subpath
Is_vulnerablefalse
Next_non_vulnerable_version22.10.15
Latest_non_vulnerable_version22.10.15
Affected_by_vulnerabilities
Fixing_vulnerabilities
0
url VCID-2yzr-z6rz-xyfq
vulnerability_id VCID-2yzr-z6rz-xyfq
summary 
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
This vulnerability allows remote attackers to escalate privileges on affected installations of Centreon. Authentication is required to exploit this vulnerability. The specific flaw exists within the handling of requests to modify poller broker configuration. The issue results from the lack of proper validation of a user-supplied string before using it to construct SQL queries. An attacker can leverage this vulnerability to escalate privileges to the level of an administrator. Was ZDI-CAN-18556.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2022-42424
reference_id
reference_type
scores
0
value 0.64892
scoring_system epss
scoring_elements 0.98489
published_at 2026-05-30T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2022-42424
1
reference_url https://www.zerodayinitiative.com/advisories/ZDI-22-1395/
reference_id
reference_type
scores
0
value 7.2
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-02-14T16:30:27Z/
url https://www.zerodayinitiative.com/advisories/ZDI-22-1395/
2
reference_url https://nvd.nist.gov/vuln/detail/CVE-2022-42424
reference_id CVE-2022-42424
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2022-42424
fixed_packages
0
url pkg:composer/centreon/centreon@21.4.19
purl pkg:composer/centreon/centreon@21.4.19
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/centreon/centreon@21.4.19
1
url pkg:composer/centreon/centreon@21.10.11
purl pkg:composer/centreon/centreon@21.10.11
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/centreon/centreon@21.10.11
2
url pkg:composer/centreon/centreon@22.4.6
purl pkg:composer/centreon/centreon@22.4.6
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/centreon/centreon@22.4.6
aliases CVE-2022-42424
risk_score 0.3
exploitability 0.5
weighted_severity 0.6
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-2yzr-z6rz-xyfq
1
url VCID-78xa-1653-8ye9
vulnerability_id VCID-78xa-1653-8ye9
summary 
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
This vulnerability allows remote attackers to escalate privileges on affected installations of Centreon. Authentication is required to exploit this vulnerability. The specific flaw exists within the contact groups configuration page. The issue results from the lack of proper validation of a user-supplied string before using it to construct SQL queries. An attacker can leverage this vulnerability to escalate privileges to the level of an administrator. Was ZDI-CAN-18541.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2022-42427
reference_id
reference_type
scores
0
value 0.64892
scoring_system epss
scoring_elements 0.98489
published_at 2026-05-30T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2022-42427
1
reference_url https://www.zerodayinitiative.com/advisories/ZDI-22-1398/
reference_id
reference_type
scores
0
value 7.2
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-02-14T16:32:57Z/
url https://www.zerodayinitiative.com/advisories/ZDI-22-1398/
2
reference_url https://nvd.nist.gov/vuln/detail/CVE-2022-42427
reference_id CVE-2022-42427
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2022-42427
fixed_packages
0
url pkg:composer/centreon/centreon@21.10.11
purl pkg:composer/centreon/centreon@21.10.11
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/centreon/centreon@21.10.11
1
url pkg:composer/centreon/centreon@22.4.6
purl pkg:composer/centreon/centreon@22.4.6
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/centreon/centreon@22.4.6
aliases CVE-2022-42427
risk_score 0.3
exploitability 0.5
weighted_severity 0.6
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-78xa-1653-8ye9
2
url VCID-7jtg-kvwb-6few
vulnerability_id VCID-7jtg-kvwb-6few
summary 
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
This vulnerability allows remote attackers to escalate privileges on affected installations of Centreon. Authentication is required to exploit this vulnerability. The specific flaw exists within the handling of requests to modify poller broker configuration. The issue results from the lack of proper validation of a user-supplied string before using it to construct SQL queries. An attacker can leverage this vulnerability to escalate privileges to the level of an administrator. Was ZDI-CAN-18555.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2022-42425
reference_id
reference_type
scores
0
value 0.64892
scoring_system epss
scoring_elements 0.98489
published_at 2026-05-30T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2022-42425
1
reference_url https://www.zerodayinitiative.com/advisories/ZDI-22-1396/
reference_id
reference_type
scores
0
value 7.2
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-02-14T16:32:20Z/
url https://www.zerodayinitiative.com/advisories/ZDI-22-1396/
2
reference_url https://nvd.nist.gov/vuln/detail/CVE-2022-42425
reference_id CVE-2022-42425
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2022-42425
fixed_packages
0
url pkg:composer/centreon/centreon@21.4.19
purl pkg:composer/centreon/centreon@21.4.19
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/centreon/centreon@21.4.19
1
url pkg:composer/centreon/centreon@21.10.11
purl pkg:composer/centreon/centreon@21.10.11
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/centreon/centreon@21.10.11
2
url pkg:composer/centreon/centreon@22.4.6
purl pkg:composer/centreon/centreon@22.4.6
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/centreon/centreon@22.4.6
aliases CVE-2022-42425
risk_score 0.3
exploitability 0.5
weighted_severity 0.6
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-7jtg-kvwb-6few
3
url VCID-apev-ttxj-ckd9
vulnerability_id VCID-apev-ttxj-ckd9
summary 
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
This vulnerability allows remote attackers to escalate privileges on affected installations of Centreon. Authentication is required to exploit this vulnerability. The specific flaw exists within the handling of requests to modify poller broker configuration. The issue results from the lack of proper validation of a user-supplied string before using it to construct SQL queries. An attacker can leverage this vulnerability to escalate privileges to the level of an administrator. Was ZDI-CAN-18557.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2022-42429
reference_id
reference_type
scores
0
value 0.59384
scoring_system epss
scoring_elements 0.98276
published_at 2026-05-30T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2022-42429
1
reference_url https://www.zerodayinitiative.com/advisories/ZDI-22-1394/
reference_id
reference_type
scores
0
value 7.2
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-02-14T16:33:42Z/
url https://www.zerodayinitiative.com/advisories/ZDI-22-1394/
2
reference_url https://nvd.nist.gov/vuln/detail/CVE-2022-42429
reference_id CVE-2022-42429
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2022-42429
fixed_packages
0
url pkg:composer/centreon/centreon@21.4.19
purl pkg:composer/centreon/centreon@21.4.19
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/centreon/centreon@21.4.19
1
url pkg:composer/centreon/centreon@21.10.11
purl pkg:composer/centreon/centreon@21.10.11
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/centreon/centreon@21.10.11
2
url pkg:composer/centreon/centreon@22.4.6
purl pkg:composer/centreon/centreon@22.4.6
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/centreon/centreon@22.4.6
aliases CVE-2022-42429
risk_score 0.2
exploitability 0.5
weighted_severity 0.5
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-apev-ttxj-ckd9
4
url VCID-b6ca-xndf-h3bt
vulnerability_id VCID-b6ca-xndf-h3bt
summary 
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
This vulnerability allows remote attackers to escalate privileges on affected installations of Centreon. Authentication is required to exploit this vulnerability. The specific flaw exists within the handling of requests to modify poller broker configuration. The issue results from the lack of proper validation of a user-supplied string before using it to construct SQL queries. An attacker can leverage this vulnerability to escalate privileges to the level of an administrator. Was ZDI-CAN-18554.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2022-42426
reference_id
reference_type
scores
0
value 0.58996
scoring_system epss
scoring_elements 0.9826
published_at 2026-05-30T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2022-42426
1
reference_url https://www.zerodayinitiative.com/advisories/ZDI-22-1397/
reference_id
reference_type
scores
0
value 7.2
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-02-14T16:32:38Z/
url https://www.zerodayinitiative.com/advisories/ZDI-22-1397/
2
reference_url https://nvd.nist.gov/vuln/detail/CVE-2022-42426
reference_id CVE-2022-42426
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2022-42426
fixed_packages
0
url pkg:composer/centreon/centreon@21.4.19
purl pkg:composer/centreon/centreon@21.4.19
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/centreon/centreon@21.4.19
1
url pkg:composer/centreon/centreon@21.10.11
purl pkg:composer/centreon/centreon@21.10.11
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/centreon/centreon@21.10.11
2
url pkg:composer/centreon/centreon@22.4.6
purl pkg:composer/centreon/centreon@22.4.6
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/centreon/centreon@22.4.6
aliases CVE-2022-42426
risk_score 0.2
exploitability 0.5
weighted_severity 0.5
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-b6ca-xndf-h3bt
5
url VCID-gxmk-ucjj-cbaf
vulnerability_id VCID-gxmk-ucjj-cbaf
summary 
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
This vulnerability allows remote attackers to escalate privileges on affected installations of Centreon. Authentication is required to exploit this vulnerability. The specific flaw exists within the handling of requests to modify poller broker configuration. The issue results from the lack of proper validation of a user-supplied string before using it to construct SQL queries. An attacker can leverage this vulnerability to escalate privileges to the level of an administrator. Was ZDI-CAN-18410.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2022-42428
reference_id
reference_type
scores
0
value 0.58996
scoring_system epss
scoring_elements 0.9826
published_at 2026-05-30T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2022-42428
1
reference_url https://www.zerodayinitiative.com/advisories/ZDI-22-1399/
reference_id
reference_type
scores
0
value 7.2
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-02-14T16:33:18Z/
url https://www.zerodayinitiative.com/advisories/ZDI-22-1399/
2
reference_url https://nvd.nist.gov/vuln/detail/CVE-2022-42428
reference_id CVE-2022-42428
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2022-42428
fixed_packages
0
url pkg:composer/centreon/centreon@21.4.19
purl pkg:composer/centreon/centreon@21.4.19
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/centreon/centreon@21.4.19
1
url pkg:composer/centreon/centreon@21.10.11
purl pkg:composer/centreon/centreon@21.10.11
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/centreon/centreon@21.10.11
2
url pkg:composer/centreon/centreon@22.4.6
purl pkg:composer/centreon/centreon@22.4.6
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/centreon/centreon@22.4.6
aliases CVE-2022-42428
risk_score 0.2
exploitability 0.5
weighted_severity 0.5
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-gxmk-ucjj-cbaf
Risk_scorenull
Resource_urlhttp://public2.vulnerablecode.io/packages/pkg:composer/centreon/centreon@22.4.6