CVE-2022-42428: 
Centreon vulnerability analysis and mitigation

CVE-2022-42428 is a SQL injection vulnerability discovered in Centreon's poller broker configuration handling. The vulnerability was disclosed on March 29, 2023, affecting multiple versions of Centreon software. The issue affects Centreon installations up to versions 21.04.19, 21.10.11, and 22.04.6 (ZDI Advisory).

The vulnerability stems from improper validation of user-supplied strings used in SQL query construction within the poller broker configuration handling. It has been assigned a CVSS v3.1 base score of 8.8 (HIGH) by NIST with vector string CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H. The vulnerability is classified as CWE-89: Improper Neutralization of Special Elements used in an SQL Command (NVD).

If successfully exploited, this vulnerability allows authenticated remote attackers to escalate their privileges to administrator level. This could potentially give attackers full control over the affected Centreon installation, compromising the confidentiality, integrity, and availability of the system (ZDI Advisory).

The vulnerability has been fixed in Centreon Web versions 21.04.19, 21.10.11, and 22.04.6. Organizations running affected versions should upgrade to the patched versions to mitigate this vulnerability (ZDI Advisory).