Описание
Multiple SQL injection vulnerabilities in chart_bar.php in the frontend in Zabbix before 1.8.22, 2.0.x before 2.0.14, and 2.2.x before 2.2.8 allow remote attackers to execute arbitrary SQL commands via the (1) itemid or (2) periods parameter.
Ссылки
- Vendor Advisory
- Vendor Advisory
- Vendor Advisory
- Vendor Advisory
- Vendor Advisory
- Vendor Advisory
- Vendor Advisory
- Vendor Advisory
Уязвимые конфигурации
Конфигурация 1Версия до 1.8.21 (включая)
Одно из
cpe:2.3:a:zabbix:zabbix:*:*:*:*:*:*:*:*
cpe:2.3:a:zabbix:zabbix:2.0.1:*:*:*:*:*:*:*
cpe:2.3:a:zabbix:zabbix:2.0.1:rc1:*:*:*:*:*:*
cpe:2.3:a:zabbix:zabbix:2.0.1:rc2:*:*:*:*:*:*
cpe:2.3:a:zabbix:zabbix:2.0.2:*:*:*:*:*:*:*
cpe:2.3:a:zabbix:zabbix:2.0.2:rc1:*:*:*:*:*:*
cpe:2.3:a:zabbix:zabbix:2.0.2:rc2:*:*:*:*:*:*
cpe:2.3:a:zabbix:zabbix:2.0.3:*:*:*:*:*:*:*
cpe:2.3:a:zabbix:zabbix:2.0.3:rc1:*:*:*:*:*:*
cpe:2.3:a:zabbix:zabbix:2.0.3:rc2:*:*:*:*:*:*
cpe:2.3:a:zabbix:zabbix:2.0.4:*:*:*:*:*:*:*
cpe:2.3:a:zabbix:zabbix:2.0.4:rc1:*:*:*:*:*:*
cpe:2.3:a:zabbix:zabbix:2.0.5:*:*:*:*:*:*:*
cpe:2.3:a:zabbix:zabbix:2.0.5:rc1:*:*:*:*:*:*
cpe:2.3:a:zabbix:zabbix:2.0.6:*:*:*:*:*:*:*
cpe:2.3:a:zabbix:zabbix:2.0.6:rc1:*:*:*:*:*:*
cpe:2.3:a:zabbix:zabbix:2.0.7:rc1:*:*:*:*:*:*
cpe:2.3:a:zabbix:zabbix:2.0.8:*:*:*:*:*:*:*
cpe:2.3:a:zabbix:zabbix:2.0.8:rc1:*:*:*:*:*:*
cpe:2.3:a:zabbix:zabbix:2.0.8:rc2:*:*:*:*:*:*
cpe:2.3:a:zabbix:zabbix:2.0.9:rc1:*:*:*:*:*:*
cpe:2.3:a:zabbix:zabbix:2.0.9:rc2:*:*:*:*:*:*
cpe:2.3:a:zabbix:zabbix:2.0.10:*:*:*:*:*:*:*
cpe:2.3:a:zabbix:zabbix:2.0.10:rc1:*:*:*:*:*:*
cpe:2.3:a:zabbix:zabbix:2.0.11:*:*:*:*:*:*:*
cpe:2.3:a:zabbix:zabbix:2.0.11:rc1:*:*:*:*:*:*
cpe:2.3:a:zabbix:zabbix:2.0.11:rc2:*:*:*:*:*:*
cpe:2.3:a:zabbix:zabbix:2.0.12:*:*:*:*:*:*:*
cpe:2.3:a:zabbix:zabbix:2.0.12:rc1:*:*:*:*:*:*
cpe:2.3:a:zabbix:zabbix:2.0.12:rc2:*:*:*:*:*:*
cpe:2.3:a:zabbix:zabbix:2.0.12:rc3:*:*:*:*:*:*
cpe:2.3:a:zabbix:zabbix:2.0.13:*:*:*:*:*:*:*
cpe:2.3:a:zabbix:zabbix:2.0.13:rc1:*:*:*:*:*:*
cpe:2.3:a:zabbix:zabbix:2.2.0:*:*:*:*:*:*:*
cpe:2.3:a:zabbix:zabbix:2.2.0:rc1:*:*:*:*:*:*
cpe:2.3:a:zabbix:zabbix:2.2.0:rc2:*:*:*:*:*:*
cpe:2.3:a:zabbix:zabbix:2.2.1:*:*:*:*:*:*:*
cpe:2.3:a:zabbix:zabbix:2.2.1:rc1:*:*:*:*:*:*
cpe:2.3:a:zabbix:zabbix:2.2.2:*:*:*:*:*:*:*
cpe:2.3:a:zabbix:zabbix:2.2.2:rc1:*:*:*:*:*:*
cpe:2.3:a:zabbix:zabbix:2.2.2:rc2:*:*:*:*:*:*
cpe:2.3:a:zabbix:zabbix:2.2.2:rc3:*:*:*:*:*:*
cpe:2.3:a:zabbix:zabbix:2.2.3:*:*:*:*:*:*:*
cpe:2.3:a:zabbix:zabbix:2.2.3:rc1:*:*:*:*:*:*
cpe:2.3:a:zabbix:zabbix:2.2.3:rc2:*:*:*:*:*:*
cpe:2.3:a:zabbix:zabbix:2.2.4:*:*:*:*:*:*:*
cpe:2.3:a:zabbix:zabbix:2.2.4:rc1:*:*:*:*:*:*
cpe:2.3:a:zabbix:zabbix:2.2.4:rc2:*:*:*:*:*:*
cpe:2.3:a:zabbix:zabbix:2.2.4:rc3:*:*:*:*:*:*
cpe:2.3:a:zabbix:zabbix:2.2.4:rc4:*:*:*:*:*:*
cpe:2.3:a:zabbix:zabbix:2.2.5:*:*:*:*:*:*:*
cpe:2.3:a:zabbix:zabbix:2.2.5:rc1:*:*:*:*:*:*
cpe:2.3:a:zabbix:zabbix:2.2.6:*:*:*:*:*:*:*
cpe:2.3:a:zabbix:zabbix:2.2.6:rc1:*:*:*:*:*:*
cpe:2.3:a:zabbix:zabbix:2.2.7:*:*:*:*:*:*:*
cpe:2.3:a:zabbix:zabbix:2.2.7:rc1:*:*:*:*:*:*
cpe:2.3:a:zabbix:zabbix:2.2.7:rc2:*:*:*:*:*:*
EPSS
Процентиль: 63%
0.00458
Низкий
7.5 High
CVSS2
Дефекты
CWE-89
Связанные уязвимости
debian
около 11 лет назад
Multiple SQL injection vulnerabilities in chart_bar.php in the fronten ...
github
больше 3 лет назад
Multiple SQL injection vulnerabilities in chart_bar.php in the frontend in Zabbix before 1.8.22, 2.0.x before 2.0.14, and 2.2.x before 2.2.8 allow remote attackers to execute arbitrary SQL commands via the (1) itemid or (2) periods parameter.
EPSS
Процентиль: 63%
0.00458
Низкий
7.5 High
CVSS2
Дефекты
CWE-89