NVD

Id
36153  
Name
CVE-2014-9450  
Description
Multiple SQL injection vulnerabilities in chart_bar.php in the frontend in Zabbix before 1.8.22, 2.0.x before 2.0.14, and 2.2.x before 2.2.8 allow remote attackers to execute arbitrary SQL commands via the (1) itemid or (2) periods parameter.  
Reject
 
CVSS Version
2  
CVSS Score
7.5  
Severity
High  
CVSS Base Score
7.5  
CVSS Impact Subscore
6.4  
CVSS Exploit Subscore
10  
CVSS Vector
(AV:N/AC:L/Au:N/C:P/I:P/A:P)  
Pub Date
2017-01-19  
Published
2015-01-02  
Modified Date
2015-01-05  
Seq
2014-9450  

Actions

Related NVD References

Id NVD Id NVD No. Reference Actions
184775 36153 CVE-2014-9450 http://www.zabbix.com/rn1.8.22.php  View
184776 36153 CVE-2014-9450 http://www.zabbix.com/rn2.0.14.php  View
184777 36153 CVE-2014-9450 http://www.zabbix.com/rn2.2.8.php  View
184778 36153 CVE-2014-9450 https://support.zabbix.com/browse/ZBX-8582  View

Related JVN

Id Name Title Summary Cveinfo Name Cveinfo Id Nvdinfo Name Nvdinfo Id Cvssv2 Cvssv3 Jvnurl Published Date Last Updated Date Actions
18619 JVNDB-2014-007494 Zabbix のフロントエンドの chart_bar.php における SQL インジェクションの脆弱性 Zabbix のフロントエンドの chart_bar.php には、SQL インジェクションの脆弱性が存在します。 CVE-2014-9450 76743 CVE-2014-9450 36153 7.5 http://jvndb.jvn.jp/ja/contents/2014/JVNDB-2014-007494.html 2014-08-21 2015-01-08 View