CVE-2014-9450 — SQL Injection in Zabbix

CWE-89 — SQL Injection9 documents5 sources

Severity

7.5HIGHNVD

EPSS

0.5%

top 35.99%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Zabbix Debian Zabbix

Timeline

PublishedJan 2

Latest updateMay 17

Description

Multiple SQL injection vulnerabilities in chart_bar.php in the frontend in Zabbix before 1.8.22, 2.0.x before 2.0.14, and 2.2.x before 2.2.8 allow remote attackers to execute arbitrary SQL commands via the (1) itemid or (2) periods parameter.

CVSS vector

AV:N/AC:L/C:P/I:P/A:PExploitability: 10.0 | Impact: 6.4

Affected Packages3 packages

▶debiandebian/zabbix< zabbix 1:2.2.7+dfsg-2 (bookworm)

▶Debianzabbix/zabbix< 1:2.2.7+dfsg-2+3

▶NVDzabbix/zabbix1.8.21+21

🔴Vulnerability Details

GHSA

GHSA-rq9v-pgww-544v: Multiple SQL injection vulnerabilities in chart_bar↗2022-05-17

▶

OSV

CVE-2014-9450: Multiple SQL injection vulnerabilities in chart_bar↗2015-01-02

▶

📋Vendor Advisories

Debian

CVE-2014-9450: zabbix - Multiple SQL injection vulnerabilities in chart_bar.php in the frontend in Zabbi...↗2014

▶

💬Community

Bugzilla

CVE-2014-9450 zabbix20: zabbix: SQL injection in chart_bar.php [epel-7]↗2015-01-05

▶

Bugzilla

CVE-2014-9450 zabbix22: zabbix: SQL injection in chart_bar.php [epel-7]↗2015-01-05

▶

Bugzilla

CVE-2014-9450 zabbix20: zabbix: SQL injection in chart_bar.php [epel-6]↗2015-01-05

▶

Bugzilla

CVE-2014-9450 zabbix: SQL injection in chart_bar.php↗2015-01-05

▶

Bugzilla

CVE-2014-9450 zabbix22: zabbix: SQL injection in chart_bar.php [epel-6]↗2015-01-05

▶