Lucene search
HistoryJan 02, 2015 - 8:59 p.m.
CVE-2014-9450
cve-2014-9450
sql injection
zabbix
security vulnerability
remote code execution
8.8 High
AI Score
Confidence
Low
7.5 High
CVSS2
Access Vector
Access Complexity
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
0.003 Low
EPSS
Percentile
71.6%
Multiple SQL injection vulnerabilities in chart_bar.php in the frontend in Zabbix before 1.8.22, 2.0.x before 2.0.14, and 2.2.x before 2.2.8 allow remote attackers to execute arbitrary SQL commands via the (1) itemid or (2) periods parameter.
Affected configurations
Node
zabbixzabbixRange≤1.8.21
ORzabbixzabbixMatch2.0.1
ORzabbixzabbixMatch2.0.1rc1
ORzabbixzabbixMatch2.0.1rc2
ORzabbixzabbixMatch2.0.2
ORzabbixzabbixMatch2.0.2rc1
ORzabbixzabbixMatch2.0.2rc2
ORzabbixzabbixMatch2.0.3
ORzabbixzabbixMatch2.0.3rc1
ORzabbixzabbixMatch2.0.3rc2
ORzabbixzabbixMatch2.0.4
ORzabbixzabbixMatch2.0.4rc1
ORzabbixzabbixMatch2.0.5
ORzabbixzabbixMatch2.0.5rc1
ORzabbixzabbixMatch2.0.6
ORzabbixzabbixMatch2.0.6rc1
ORzabbixzabbixMatch2.0.7rc1
ORzabbixzabbixMatch2.0.8
ORzabbixzabbixMatch2.0.8rc1
ORzabbixzabbixMatch2.0.8rc2
ORzabbixzabbixMatch2.0.9rc1
ORzabbixzabbixMatch2.0.9rc2
ORzabbixzabbixMatch2.0.10
ORzabbixzabbixMatch2.0.10rc1
ORzabbixzabbixMatch2.0.11
ORzabbixzabbixMatch2.0.11rc1
ORzabbixzabbixMatch2.0.11rc2
ORzabbixzabbixMatch2.0.12
ORzabbixzabbixMatch2.0.12rc1
ORzabbixzabbixMatch2.0.12rc2
ORzabbixzabbixMatch2.0.12rc3
ORzabbixzabbixMatch2.0.13
ORzabbixzabbixMatch2.0.13rc1
ORzabbixzabbixMatch2.2.0
ORzabbixzabbixMatch2.2.0rc1
ORzabbixzabbixMatch2.2.0rc2
ORzabbixzabbixMatch2.2.1
ORzabbixzabbixMatch2.2.1rc1
ORzabbixzabbixMatch2.2.2
ORzabbixzabbixMatch2.2.2rc1
ORzabbixzabbixMatch2.2.2rc2
ORzabbixzabbixMatch2.2.2rc3
ORzabbixzabbixMatch2.2.3
ORzabbixzabbixMatch2.2.3rc1
ORzabbixzabbixMatch2.2.3rc2
ORzabbixzabbixMatch2.2.4
ORzabbixzabbixMatch2.2.4rc1
ORzabbixzabbixMatch2.2.4rc2
ORzabbixzabbixMatch2.2.4rc3
ORzabbixzabbixMatch2.2.4rc4
ORzabbixzabbixMatch2.2.5
ORzabbixzabbixMatch2.2.5rc1
ORzabbixzabbixMatch2.2.6
ORzabbixzabbixMatch2.2.6rc1
ORzabbixzabbixMatch2.2.7
ORzabbixzabbixMatch2.2.7rc1
ORzabbixzabbixMatch2.2.7rc2
Related
debiancve
debiancve
CVE-2014-9450
2015-01-02 20:59:09
cvelist
cvelist
CVE-2014-9450
2022-10-03 16:20:40
prion
prion
Sql injection
2015-01-02 20:59:00
nvd
nvd
CVE-2014-9450
2015-01-02 20:59:09
openvas
openvas
Zabbix Multiple SQLi Vulnerabilities (Jan 2015)
2015-01-23 00:00:00
8.8 High
AI Score
Confidence
Low
7.5 High
CVSS2
Access Vector
Access Complexity
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
0.003 Low
EPSS
Percentile
71.6%
Related for CVE-2014-9450