Lucene search
Debian Security Bug TrackerDEBIANCVE:CVE-2014-9450HistoryOct 03, 2022 - 4:20 p.m.
CVE-2014-9450
2022-10-0316:20:40
Debian Security Bug Tracker
security-tracker.debian.org
8
sql injection
chart_bar.php
zabbix
remote attackers
arbitrary sql
itemid
periods
vulnerabilities
execute
commands
7.5 High
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
0.003 Low
EPSS
Percentile
71.7%
Multiple SQL injection vulnerabilities in chart_bar.php in the frontend in Zabbix before 1.8.22, 2.0.x before 2.0.14, and 2.2.x before 2.2.8 allow remote attackers to execute arbitrary SQL commands via the (1) itemid or (2) periods parameter.
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| Debian | 12 | all | zabbix | < 1:2.2.7+dfsg-2 | zabbix_1:2.2.7+dfsg-2_all.deb |
| Debian | 11 | all | zabbix | < 1:2.2.7+dfsg-2 | zabbix_1:2.2.7+dfsg-2_all.deb |
| Debian | 999 | all | zabbix | < 1:2.2.7+dfsg-2 | zabbix_1:2.2.7+dfsg-2_all.deb |
| Debian | 13 | all | zabbix | < 1:2.2.7+dfsg-2 | zabbix_1:2.2.7+dfsg-2_all.deb |
Related
cve
cve
CVE-2014-9450
2022-10-03 16:20:40
cvelist
cvelist
CVE-2014-9450
2022-10-03 16:20:40
nvd
nvd
CVE-2014-9450
2015-01-02 20:59:09
prion
prion
Sql injection
2015-01-02 20:59:00
openvas
openvas
Zabbix Multiple SQLi Vulnerabilities (Jan 2015)
2015-01-23 00:00:00
7.5 High
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
0.003 Low
EPSS
Percentile
71.7%
Related for DEBIANCVE:CVE-2014-9450