CVE-2014-9450

  1. Reconshell
  2. Vulnerabilities (CVE)
  3. CVE-2014-9450
Multiple SQL injection vulnerabilities in chart_bar.php in the frontend in Zabbix before 1.8.22, 2.0.x before 2.0.14, and 2.2.x before 2.2.8 allow remote attackers to execute arbitrary SQL commands via the (1) itemid or (2) periods parameter.

7.5 /10

CVSS v2.0 : HIGH

V2 Legend

Vector : AV:N/AC:L/Au:N/C:P/I:P/A:P

Exploitability : 10.0 / Impact : 6.4

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References
Link Resource
http://www.zabbix.com/rn2.0.14.php Vendor Advisory
http://www.zabbix.com/rn2.2.8.php Vendor Advisory
http://secunia.com/advisories/61554
https://support.zabbix.com/browse/ZBX-8582 Vendor Advisory
http://www.zabbix.com/rn1.8.22.php Vendor Advisory
Advertisement

NeevaHost hosting service
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:zabbix:zabbix:2.0.4:*:*:*:*:*:*:*
cpe:2.3:a:zabbix:zabbix:2.0.4:rc1:*:*:*:*:*:*
cpe:2.3:a:zabbix:zabbix:2.0.5:*:*:*:*:*:*:*
cpe:2.3:a:zabbix:zabbix:2.0.2:rc2:*:*:*:*:*:*
cpe:2.3:a:zabbix:zabbix:2.0.3:rc1:*:*:*:*:*:*
cpe:2.3:a:zabbix:zabbix:2.0.6:rc1:*:*:*:*:*:*
cpe:2.3:a:zabbix:zabbix:2.0.8:rc1:*:*:*:*:*:*
cpe:2.3:a:zabbix:zabbix:2.0.11:rc2:*:*:*:*:*:*
cpe:2.3:a:zabbix:zabbix:2.0.10:rc1:*:*:*:*:*:*
cpe:2.3:a:zabbix:zabbix:2.0.9:rc2:*:*:*:*:*:*
cpe:2.3:a:zabbix:zabbix:2.0.13:*:*:*:*:*:*:*
cpe:2.3:a:zabbix:zabbix:2.0.1:rc2:*:*:*:*:*:*
cpe:2.3:a:zabbix:zabbix:2.2.7:rc1:*:*:*:*:*:*
cpe:2.3:a:zabbix:zabbix:2.2.7:rc2:*:*:*:*:*:*
cpe:2.3:a:zabbix:zabbix:2.2.0:*:*:*:*:*:*:*
cpe:2.3:a:zabbix:zabbix:2.0.1:*:*:*:*:*:*:*
cpe:2.3:a:zabbix:zabbix:2.2.6:*:*:*:*:*:*:*
cpe:2.3:a:zabbix:zabbix:2.0.11:*:*:*:*:*:*:*
cpe:2.3:a:zabbix:zabbix:2.2.2:rc2:*:*:*:*:*:*
cpe:2.3:a:zabbix:zabbix:2.2.6:rc1:*:*:*:*:*:*
cpe:2.3:a:zabbix:zabbix:2.2.1:rc1:*:*:*:*:*:*
cpe:2.3:a:zabbix:zabbix:*:*:*:*:*:*:*:*
cpe:2.3:a:zabbix:zabbix:2.0.11:rc1:*:*:*:*:*:*
cpe:2.3:a:zabbix:zabbix:2.2.0:rc2:*:*:*:*:*:*
cpe:2.3:a:zabbix:zabbix:2.0.8:rc2:*:*:*:*:*:*
cpe:2.3:a:zabbix:zabbix:2.2.2:*:*:*:*:*:*:*
cpe:2.3:a:zabbix:zabbix:2.2.1:*:*:*:*:*:*:*
cpe:2.3:a:zabbix:zabbix:2.0.2:*:*:*:*:*:*:*
cpe:2.3:a:zabbix:zabbix:2.0.2:rc1:*:*:*:*:*:*
cpe:2.3:a:zabbix:zabbix:2.2.4:rc2:*:*:*:*:*:*
cpe:2.3:a:zabbix:zabbix:2.0.1:rc1:*:*:*:*:*:*
cpe:2.3:a:zabbix:zabbix:2.2.3:*:*:*:*:*:*:*
cpe:2.3:a:zabbix:zabbix:2.0.8:*:*:*:*:*:*:*
cpe:2.3:a:zabbix:zabbix:2.0.9:rc1:*:*:*:*:*:*
cpe:2.3:a:zabbix:zabbix:2.0.12:rc1:*:*:*:*:*:*
cpe:2.3:a:zabbix:zabbix:2.2.3:rc2:*:*:*:*:*:*
cpe:2.3:a:zabbix:zabbix:2.2.2:rc3:*:*:*:*:*:*
cpe:2.3:a:zabbix:zabbix:2.2.0:rc1:*:*:*:*:*:*
cpe:2.3:a:zabbix:zabbix:2.0.6:*:*:*:*:*:*:*
cpe:2.3:a:zabbix:zabbix:2.2.2:rc1:*:*:*:*:*:*
cpe:2.3:a:zabbix:zabbix:2.2.4:rc1:*:*:*:*:*:*
cpe:2.3:a:zabbix:zabbix:2.2.7:*:*:*:*:*:*:*
cpe:2.3:a:zabbix:zabbix:2.0.12:*:*:*:*:*:*:*
cpe:2.3:a:zabbix:zabbix:2.2.4:rc4:*:*:*:*:*:*
cpe:2.3:a:zabbix:zabbix:2.2.4:*:*:*:*:*:*:*
cpe:2.3:a:zabbix:zabbix:2.2.5:rc1:*:*:*:*:*:*
cpe:2.3:a:zabbix:zabbix:2.0.3:*:*:*:*:*:*:*
cpe:2.3:a:zabbix:zabbix:2.0.5:rc1:*:*:*:*:*:*
cpe:2.3:a:zabbix:zabbix:2.2.5:*:*:*:*:*:*:*
cpe:2.3:a:zabbix:zabbix:2.2.4:rc3:*:*:*:*:*:*
cpe:2.3:a:zabbix:zabbix:2.2.3:rc1:*:*:*:*:*:*
cpe:2.3:a:zabbix:zabbix:2.0.13:rc1:*:*:*:*:*:*
cpe:2.3:a:zabbix:zabbix:2.0.10:*:*:*:*:*:*:*
cpe:2.3:a:zabbix:zabbix:2.0.7:rc1:*:*:*:*:*:*
cpe:2.3:a:zabbix:zabbix:2.0.12:rc3:*:*:*:*:*:*
cpe:2.3:a:zabbix:zabbix:2.0.12:rc2:*:*:*:*:*:*
cpe:2.3:a:zabbix:zabbix:2.0.3:rc2:*:*:*:*:*:*
Information

Published : 2015-01-02 12:59

Updated : 2015-01-05 19:05

NVD link : CVE-2014-9450

Mitre link : CVE-2014-9450

JSON object : View

CWE
CWE-89

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

Advertisement

dedicated server usa
Products Affected

zabbix

  • zabbix