Package details: pkg:composer/centreon/centreon@21.4.0
purl pkg:composer/centreon/centreon@21.4.0
Next non-vulnerable version 21.4.2
Latest non-vulnerable version 22.10.15
Risk 0.1
Vulnerabilities affecting this package (3)
Vulnerability Summary Fixed by
VCID-qrd5-6c24-auf7
Aliases:
CVE-2021-37556
SQL Injection: A SQL injection vulnerability in reporting export in Centreon allows remote authenticated (but low-privileged) attackers to execute arbitrary SQL commands via the include/reporting/dashboard/csvExport/csv_HostGroupLogs.php start and end parameters.
21.4.2
Affected by 0 other vulnerabilities.
VCID-tq65-7cpg-gbe6
Aliases:
CVE-2021-37558
SQL Injection: A SQL injection vulnerability in a MediaWiki script in Centreon allows remote unauthenticated attackers to execute arbitrary SQL commands via the host_name and service_description parameters.
21.4.2
Affected by 0 other vulnerabilities.
VCID-wt74-vp5g-qqfu
Aliases:
CVE-2021-37557
SQL Injection: A SQL injection vulnerability in image generation in Centreon allows remote authenticated (but low-privileged) attackers to execute arbitrary SQL commands via the include/views/graphs/generateGraphs/generateImage.php index parameter.
21.4.2
Affected by 0 other vulnerabilities.
Vulnerabilities fixed by this package (2)
Vulnerability Summary Aliases
VCID-7v2t-rcz8-pkeb
Centreon SQL Injection vulnerability via esc_name parameter: Centreon v20.10.18 was discovered to contain a SQL injection vulnerability via the `esc_name` (Escalation Name) parameter at `Configuration/Notifications/Escalations`. Versions 21.04.16, 21.10.8, and 22.04.2 contain patches.
Aliases:
CVE-2022-40043
GHSA-25gv-wg6f-6frp
VCID-g6yr-bb2h-dbg3
Centreon contains cross-site scripting vulnerability via esc_name parameter: Centreon v20.10.18 was discovered to contain a cross-site scripting (XSS) vulnerability via the `esc_name` (Escalation Name) parameter at `Configuration/Notifications/Escalations`. This vulnerability allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload. Versions 21.04.16, 21.10.8, and 22.04.2 contain patches.
Aliases:
CVE-2022-40044
GHSA-rv5q-72p2-2q24