Multiple SQL injection vulnerabilities in chart_bar.php in the frontend in Zabbix before 1.8.22, 2.0.x before 2.0.14, and 2.2.x before 2.2.8 allow remote attackers to execute arbitrary SQL commands via the (1) itemid or (2) periods parameter.
References
Link | Resource |
---|---|
http://www.zabbix.com/rn2.0.14.php | Vendor Advisory |
http://www.zabbix.com/rn2.2.8.php | Vendor Advisory |
http://secunia.com/advisories/61554 | |
https://support.zabbix.com/browse/ZBX-8582 | Vendor Advisory |
http://www.zabbix.com/rn1.8.22.php | Vendor Advisory |
Configurations
Configuration 1 (hide)
|
Information
Published : 2015-01-02 12:59
Updated : 2015-01-05 19:05
NVD link : CVE-2014-9450
Mitre link : CVE-2014-9450
JSON object : View
CWE
CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
Products Affected
zabbix
- zabbix