Staging Environment: Content and features may be unstable or change without notice.
Search for packages
Package details: pkg:composer/centreon/centreon@22.4.0
purl pkg:composer/centreon/centreon@22.4.0
Next non-vulnerable version 22.4.1
Latest non-vulnerable version 22.10.15
Risk 0.3
Vulnerabilities affecting this package (6)
Vulnerability Summary Fixed by
VCID-2yzr-z6rz-xyfq
Aliases:
CVE-2022-42424
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') This vulnerability allows remote attackers to escalate privileges on affected installations of Centreon. Authentication is required to exploit this vulnerability. The specific flaw exists within the handling of requests to modify poller broker configuration. The issue results from the lack of proper validation of a user-supplied string before using it to construct SQL queries. An attacker can leverage this vulnerability to escalate privileges to the level of an administrator. Was ZDI-CAN-18556.
22.4.6
Affected by 0 other vulnerabilities.
VCID-78xa-1653-8ye9
Aliases:
CVE-2022-42427
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') This vulnerability allows remote attackers to escalate privileges on affected installations of Centreon. Authentication is required to exploit this vulnerability. The specific flaw exists within the contact groups configuration page. The issue results from the lack of proper validation of a user-supplied string before using it to construct SQL queries. An attacker can leverage this vulnerability to escalate privileges to the level of an administrator. Was ZDI-CAN-18541.
22.4.6
Affected by 0 other vulnerabilities.
VCID-7jtg-kvwb-6few
Aliases:
CVE-2022-42425
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') This vulnerability allows remote attackers to escalate privileges on affected installations of Centreon. Authentication is required to exploit this vulnerability. The specific flaw exists within the handling of requests to modify poller broker configuration. The issue results from the lack of proper validation of a user-supplied string before using it to construct SQL queries. An attacker can leverage this vulnerability to escalate privileges to the level of an administrator. Was ZDI-CAN-18555.
22.4.6
Affected by 0 other vulnerabilities.
VCID-apev-ttxj-ckd9
Aliases:
CVE-2022-42429
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') This vulnerability allows remote attackers to escalate privileges on affected installations of Centreon. Authentication is required to exploit this vulnerability. The specific flaw exists within the handling of requests to modify poller broker configuration. The issue results from the lack of proper validation of a user-supplied string before using it to construct SQL queries. An attacker can leverage this vulnerability to escalate privileges to the level of an administrator. Was ZDI-CAN-18557.
22.4.6
Affected by 0 other vulnerabilities.
VCID-b6ca-xndf-h3bt
Aliases:
CVE-2022-42426
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') This vulnerability allows remote attackers to escalate privileges on affected installations of Centreon. Authentication is required to exploit this vulnerability. The specific flaw exists within the handling of requests to modify poller broker configuration. The issue results from the lack of proper validation of a user-supplied string before using it to construct SQL queries. An attacker can leverage this vulnerability to escalate privileges to the level of an administrator. Was ZDI-CAN-18554.
22.4.6
Affected by 0 other vulnerabilities.
VCID-gxmk-ucjj-cbaf
Aliases:
CVE-2022-42428
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') This vulnerability allows remote attackers to escalate privileges on affected installations of Centreon. Authentication is required to exploit this vulnerability. The specific flaw exists within the handling of requests to modify poller broker configuration. The issue results from the lack of proper validation of a user-supplied string before using it to construct SQL queries. An attacker can leverage this vulnerability to escalate privileges to the level of an administrator. Was ZDI-CAN-18410.
22.4.6
Affected by 0 other vulnerabilities.
Vulnerabilities fixed by this package (0)
Vulnerability Summary Aliases
This package is not known to fix vulnerabilities.

Date Actor Action Vulnerability Source VulnerableCode Version
2026-05-30T21:00:10.359896+00:00 GitLab Importer Affected by VCID-78xa-1653-8ye9 https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/centreon/centreon/CVE-2022-42427.yml 38.6.0
2026-05-30T21:00:10.264804+00:00 GitLab Importer Affected by VCID-b6ca-xndf-h3bt https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/centreon/centreon/CVE-2022-42426.yml 38.6.0
2026-05-30T21:00:10.155143+00:00 GitLab Importer Affected by VCID-apev-ttxj-ckd9 https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/centreon/centreon/CVE-2022-42429.yml 38.6.0
2026-05-30T21:00:09.868185+00:00 GitLab Importer Affected by VCID-7jtg-kvwb-6few https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/centreon/centreon/CVE-2022-42425.yml 38.6.0
2026-05-30T21:00:09.802803+00:00 GitLab Importer Affected by VCID-gxmk-ucjj-cbaf https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/centreon/centreon/CVE-2022-42428.yml 38.6.0
2026-05-30T21:00:09.588586+00:00 GitLab Importer Affected by VCID-2yzr-z6rz-xyfq https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/centreon/centreon/CVE-2022-42424.yml 38.6.0