CVE-2022-42426: 
Centreon vulnerability analysis and mitigation

This vulnerability (CVE-2022-42426) affects Centreon installations and was disclosed on October 7th, 2022. The vulnerability allows remote attackers to escalate privileges on affected Centreon systems, though authentication is required for exploitation. It specifically exists within the handling of requests to modify poller broker configuration (Zero Day Initiative).

The vulnerability stems from improper validation of user-supplied strings before using them to construct SQL queries in the poller broker configuration functionality. The vulnerability has been assigned a CVSS v3.1 base score of 8.8 HIGH (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H) by NIST NVD, while Zero Day Initiative rated it with a score of 7.2 HIGH (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H). The vulnerability is classified as CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') (NVD).

An attacker who successfully exploits this vulnerability can leverage it to escalate privileges to the level of an administrator. This could potentially give them full control over the affected Centreon installation (Zero Day Initiative).

The vulnerability has been fixed in multiple versions of Centreon: centreon-web-21.04.19, centreon-web-21.10.11, and centreon-web-22.04.6. Organizations using affected versions should upgrade to these patched versions to mitigate the vulnerability (Zero Day Initiative).