Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score: 7.5
CVE Id: CVE-2014-9450
Last Modified: 05 Jan 2015 10:05:24
Published: 02 Jan 2015 03:59:09
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL
Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE

CVE-2014-9450

Summary

Multiple SQL injection vulnerabilities in chart_bar.php in the frontend in Zabbix before 1.8.22, 2.0.x before 2.0.14, and 2.2.x before 2.2.8 allow remote attackers to execute arbitrary SQL commands via the (1) itemid or (2) periods parameter.

Vulnerable Systems

Application

  • Zabbix 1.8.21

  • Zabbix 2.0.1

  • Zabbix 2.0.10

  • Zabbix 2.0.11

  • Zabbix 2.0.12

  • Zabbix 2.0.13

  • Zabbix 2.0.2

  • Zabbix 2.0.3

  • Zabbix 2.0.4

  • Zabbix 2.0.5

  • Zabbix 2.0.6

  • Zabbix 2.0.7

  • Zabbix 2.0.8

  • Zabbix 2.0.9

  • Zabbix 2.2.0

  • Zabbix 2.2.1

  • Zabbix 2.2.2

  • Zabbix 2.2.3

  • Zabbix 2.2.4

  • Zabbix 2.2.5

  • Zabbix 2.2.6

  • Zabbix 2.2.7


References

CONFIRM - https://support.zabbix.com/browse/ZBX-8582

CONFIRM - http://www.zabbix.com/rn2.2.8.php

CONFIRM - http://www.zabbix.com/rn2.0.14.php

CONFIRM - http://www.zabbix.com/rn1.8.22.php

SECUNIA - 61554


Last Updated: 27 May 2016 11:07:26