Lucene search
HistoryOct 03, 2022 - 4:20 p.m.
CVE-2014-9450
cve-2014-9450
sql injection
zabbix
security vulnerability
remote code execution
7.5 High
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
8.8 High
AI Score
Confidence
Low
0.003 Low
EPSS
Percentile
71.8%
Multiple SQL injection vulnerabilities in chart_bar.php in the frontend in Zabbix before 1.8.22, 2.0.x before 2.0.14, and 2.2.x before 2.2.8 allow remote attackers to execute arbitrary SQL commands via the (1) itemid or (2) periods parameter.
Affected configurations
Node
zabbixzabbixRange≤1.8.21
ORzabbixzabbixMatch2.0.1
ORzabbixzabbixMatch2.0.1rc1
ORzabbixzabbixMatch2.0.1rc2
ORzabbixzabbixMatch2.0.2
ORzabbixzabbixMatch2.0.2rc1
ORzabbixzabbixMatch2.0.2rc2
ORzabbixzabbixMatch2.0.3
ORzabbixzabbixMatch2.0.3rc1
ORzabbixzabbixMatch2.0.3rc2
ORzabbixzabbixMatch2.0.4
ORzabbixzabbixMatch2.0.4rc1
ORzabbixzabbixMatch2.0.5
ORzabbixzabbixMatch2.0.5rc1
ORzabbixzabbixMatch2.0.6
ORzabbixzabbixMatch2.0.6rc1
ORzabbixzabbixMatch2.0.7rc1
ORzabbixzabbixMatch2.0.8
ORzabbixzabbixMatch2.0.8rc1
ORzabbixzabbixMatch2.0.8rc2
ORzabbixzabbixMatch2.0.9rc1
ORzabbixzabbixMatch2.0.9rc2
ORzabbixzabbixMatch2.0.10
ORzabbixzabbixMatch2.0.10rc1
ORzabbixzabbixMatch2.0.11
ORzabbixzabbixMatch2.0.11rc1
ORzabbixzabbixMatch2.0.11rc2
ORzabbixzabbixMatch2.0.12
ORzabbixzabbixMatch2.0.12rc1
ORzabbixzabbixMatch2.0.12rc2
ORzabbixzabbixMatch2.0.12rc3
ORzabbixzabbixMatch2.0.13
ORzabbixzabbixMatch2.0.13rc1
ORzabbixzabbixMatch2.2.0
ORzabbixzabbixMatch2.2.0rc1
ORzabbixzabbixMatch2.2.0rc2
ORzabbixzabbixMatch2.2.1
ORzabbixzabbixMatch2.2.1rc1
ORzabbixzabbixMatch2.2.2
ORzabbixzabbixMatch2.2.2rc1
ORzabbixzabbixMatch2.2.2rc2
ORzabbixzabbixMatch2.2.2rc3
ORzabbixzabbixMatch2.2.3
ORzabbixzabbixMatch2.2.3rc1
ORzabbixzabbixMatch2.2.3rc2
ORzabbixzabbixMatch2.2.4
ORzabbixzabbixMatch2.2.4rc1
ORzabbixzabbixMatch2.2.4rc2
ORzabbixzabbixMatch2.2.4rc3
ORzabbixzabbixMatch2.2.4rc4
ORzabbixzabbixMatch2.2.5
ORzabbixzabbixMatch2.2.5rc1
ORzabbixzabbixMatch2.2.6
ORzabbixzabbixMatch2.2.6rc1
ORzabbixzabbixMatch2.2.7
ORzabbixzabbixMatch2.2.7rc1
ORzabbixzabbixMatch2.2.7rc2
Related
cvelist
cvelist
CVE-2014-9450
2022-10-03 16:20:40
debiancve
debiancve
CVE-2014-9450
2022-10-03 16:20:40
nvd
nvd
CVE-2014-9450
2015-01-02 20:59:09
prion
prion
Sql injection
2015-01-02 20:59:00
openvas
openvas
Zabbix Multiple SQLi Vulnerabilities (Jan 2015)
2015-01-23 00:00:00
7.5 High
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
8.8 High
AI Score
Confidence
Low
0.003 Low
EPSS
Percentile
71.8%
Related for CVE-2014-9450