CVE-2014-9450

Multiple SQL injection vulnerabilities in chart_bar.php in the frontend in Zabbix before 1.8.22, 2.0.x before 2.0.14, and 2.2.x before 2.2.8 allow remote attackers to execute arbitrary SQL commands via the (1) itemid or (2) periods parameter.
SQL Injection
Provider | Type | Base Score | Atk. Vector | Atk. Complexity | Priv. Required | Vector
NIST | NIST | 7.5 UNKNOWN | NETWORK | LOW | | AV:N/AC:L/Au:N/C:P/I:P/A:P
mitre | CNA | --- | ---
CVE | ADP | --- | ---
EPSS Score Percentile: 62%
Vendor | Product | Version
zabbix | zabbix | 𝑥 ≤ 1.8.21
zabbix | zabbix | 2.0.1
zabbix | zabbix | 2.0.1:rc1
zabbix | zabbix | 2.0.1:rc2
zabbix | zabbix | 2.0.2
zabbix | zabbix | 2.0.2:rc1
zabbix | zabbix | 2.0.2:rc2
zabbix | zabbix | 2.0.3
zabbix | zabbix | 2.0.3:rc1
zabbix | zabbix | 2.0.3:rc2
zabbix | zabbix | 2.0.4
zabbix | zabbix | 2.0.4:rc1
zabbix | zabbix | 2.0.5
zabbix | zabbix | 2.0.5:rc1
zabbix | zabbix | 2.0.6
zabbix | zabbix | 2.0.6:rc1
zabbix | zabbix | 2.0.7:rc1
zabbix | zabbix | 2.0.8
zabbix | zabbix | 2.0.8:rc1
zabbix | zabbix | 2.0.8:rc2
zabbix | zabbix | 2.0.9:rc1
zabbix | zabbix | 2.0.9:rc2
zabbix | zabbix | 2.0.10
zabbix | zabbix | 2.0.10:rc1
zabbix | zabbix | 2.0.11
zabbix | zabbix | 2.0.11:rc1
zabbix | zabbix | 2.0.11:rc2
zabbix | zabbix | 2.0.12
zabbix | zabbix | 2.0.12:rc1
zabbix | zabbix | 2.0.12:rc2
zabbix | zabbix | 2.0.12:rc3
zabbix | zabbix | 2.0.13
zabbix | zabbix | 2.0.13:rc1
zabbix | zabbix | 2.2.0
zabbix | zabbix | 2.2.0:rc1
zabbix | zabbix | 2.2.0:rc2
zabbix | zabbix | 2.2.1
zabbix | zabbix | 2.2.1:rc1
zabbix | zabbix | 2.2.2
zabbix | zabbix | 2.2.2:rc1
zabbix | zabbix | 2.2.2:rc2
zabbix | zabbix | 2.2.2:rc3
zabbix | zabbix | 2.2.3
zabbix | zabbix | 2.2.3:rc1
zabbix | zabbix | 2.2.3:rc2
zabbix | zabbix | 2.2.4
zabbix | zabbix | 2.2.4:rc1
zabbix | zabbix | 2.2.4:rc2
zabbix | zabbix | 2.2.4:rc3
zabbix | zabbix | 2.2.4:rc4
zabbix | zabbix | 2.2.5
zabbix | zabbix | 2.2.5:rc1
zabbix | zabbix | 2.2.6
zabbix | zabbix | 2.2.6:rc1
zabbix | zabbix | 2.2.7
zabbix | zabbix | 2.2.7:rc1
zabbix | zabbix | 2.2.7:rc2
𝑥 = Vulnerable software versions
Debian Releases
Debian Product | Codename
zabbix | bullseye | 1:5.0.8+dfsg-1 | fixed
zabbix | bullseye (security) | 1:5.0.44+dfsg-1+deb11u1 | fixed
zabbix | bookworm | 1:6.0.14+dfsg-1 | fixed
zabbix | sid | 1:7.0.5+dfsg-1 | fixed
zabbix | trixie | 1:7.0.5+dfsg-1 | fixed