What is the severity of CVE-2014-9450?

CVE-2014-9450 has a high severity rating due to its potential for remote attackers to execute arbitrary SQL commands.

How do I fix CVE-2014-9450?

To fix CVE-2014-9450, upgrade Zabbix to version 1.8.22 or later, 2.0.14 or later, or 2.2.8 or later.

What versions of Zabbix are affected by CVE-2014-9450?

CVE-2014-9450 affects Zabbix versions before 1.8.22, 2.0.x before 2.0.14, and 2.2.x before 2.2.8.

Can CVE-2014-9450 impact my Zabbix installation?

Yes, if you are using an affected version of Zabbix, CVE-2014-9450 can allow unauthorized access to your database.

What type of vulnerability is CVE-2014-9450?

CVE-2014-9450 is classified as a SQL injection vulnerability, allowing attackers to manipulate SQL queries.

Vulnerability/
CVE-2014-9450

high

7.5

CWE

2/1/2015

16/9/2024

CVE-2014-9450: SQL Injection

First published: Fri Jan 02 2015(Updated: )

Multiple SQL injection vulnerabilities in chart_bar.php in the frontend in Zabbix before 1.8.22, 2.0.x before 2.0.14, and 2.2.x before 2.2.8 allow remote attackers to execute arbitrary SQL commands via the (1) itemid or (2) periods parameter.

Credit: cve@mitre.org

Affected Software	Affected Version	How to fix
Zabbix Server	<=1.8.21
Zabbix Server	=2.0.1
Zabbix Server	=2.0.1-rc1
Zabbix Server	=2.0.1-rc2
Zabbix Server	=2.0.2
Zabbix Server	=2.0.2-rc1
Zabbix Server	=2.0.2-rc2
Zabbix Server	=2.0.3
Zabbix Server	=2.0.3-rc1
Zabbix Server	=2.0.3-rc2
Zabbix Server	=2.0.4
Zabbix Server	=2.0.4-rc1
Zabbix Server	=2.0.5
Zabbix Server	=2.0.5-rc1
Zabbix Server	=2.0.6
Zabbix Server	=2.0.6-rc1
Zabbix Server	=2.0.7-rc1
Zabbix Server	=2.0.8
Zabbix Server	=2.0.8-rc1
Zabbix Server	=2.0.8-rc2
Zabbix Server	=2.0.9-rc1
Zabbix Server	=2.0.9-rc2
Zabbix Server	=2.0.10
Zabbix Server	=2.0.10-rc1
Zabbix Server	=2.0.11
Zabbix Server	=2.0.11-rc1
Zabbix Server	=2.0.11-rc2
Zabbix Server	=2.0.12
Zabbix Server	=2.0.12-rc1
Zabbix Server	=2.0.12-rc2
Zabbix Server	=2.0.12-rc3
Zabbix Server	=2.0.13
Zabbix Server	=2.0.13-rc1
Zabbix Server	=2.2.0
Zabbix Server	=2.2.0-rc1
Zabbix Server	=2.2.0-rc2
Zabbix Server	=2.2.1
Zabbix Server	=2.2.1-rc1
Zabbix Server	=2.2.2
Zabbix Server	=2.2.2-rc1
Zabbix Server	=2.2.2-rc2
Zabbix Server	=2.2.2-rc3
Zabbix Server	=2.2.3
Zabbix Server	=2.2.3-rc1
Zabbix Server	=2.2.3-rc2
Zabbix Server	=2.2.4
Zabbix Server	=2.2.4-rc1
Zabbix Server	=2.2.4-rc2
Zabbix Server	=2.2.4-rc3
Zabbix Server	=2.2.4-rc4
Zabbix Server	=2.2.5
Zabbix Server	=2.2.5-rc1
Zabbix Server	=2.2.6
Zabbix Server	=2.2.6-rc1
Zabbix Server	=2.2.7
Zabbix Server	=2.2.7-rc1
Zabbix Server	=2.2.7-rc2

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of CVE-2014-9450?
CVE-2014-9450 has a high severity rating due to its potential for remote attackers to execute arbitrary SQL commands.
How do I fix CVE-2014-9450?
To fix CVE-2014-9450, upgrade Zabbix to version 1.8.22 or later, 2.0.14 or later, or 2.2.8 or later.
What versions of Zabbix are affected by CVE-2014-9450?
CVE-2014-9450 affects Zabbix versions before 1.8.22, 2.0.x before 2.0.14, and 2.2.x before 2.2.8.
Can CVE-2014-9450 impact my Zabbix installation?
Yes, if you are using an affected version of Zabbix, CVE-2014-9450 can allow unauthorized access to your database.
What type of vulnerability is CVE-2014-9450?
CVE-2014-9450 is classified as a SQL injection vulnerability, allowing attackers to manipulate SQL queries.

agent/type
collector/mitre-cve
source/MITRE
agent/last-modified-date
agent/author
agent/severity
agent/references
agent/description
agent/event
agent/first-publish-date
agent/source
agent/weakness
agent/tags
agent/softwarecombine
collector/nvd-index
agent/software-canonical-lookup-request
vendor/zabbix
canonical/zabbix server
version/zabbix server/1.8.21
version/zabbix server/2.0.1
version/zabbix server/2.0.1-rc1
version/zabbix server/2.0.1-rc2
version/zabbix server/2.0.2
version/zabbix server/2.0.2-rc1
version/zabbix server/2.0.2-rc2
version/zabbix server/2.0.3
version/zabbix server/2.0.3-rc1
version/zabbix server/2.0.3-rc2
version/zabbix server/2.0.4
version/zabbix server/2.0.4-rc1
version/zabbix server/2.0.5
version/zabbix server/2.0.5-rc1
version/zabbix server/2.0.6
version/zabbix server/2.0.6-rc1
version/zabbix server/2.0.7-rc1
version/zabbix server/2.0.8
version/zabbix server/2.0.8-rc1
version/zabbix server/2.0.8-rc2
version/zabbix server/2.0.9-rc1
version/zabbix server/2.0.9-rc2
version/zabbix server/2.0.10
version/zabbix server/2.0.10-rc1
version/zabbix server/2.0.11
version/zabbix server/2.0.11-rc1
version/zabbix server/2.0.11-rc2
version/zabbix server/2.0.12
version/zabbix server/2.0.12-rc1
version/zabbix server/2.0.12-rc2
version/zabbix server/2.0.12-rc3
version/zabbix server/2.0.13
version/zabbix server/2.0.13-rc1
version/zabbix server/2.2.0
version/zabbix server/2.2.0-rc1
version/zabbix server/2.2.0-rc2
version/zabbix server/2.2.1
version/zabbix server/2.2.1-rc1
version/zabbix server/2.2.2
version/zabbix server/2.2.2-rc1
version/zabbix server/2.2.2-rc2
version/zabbix server/2.2.2-rc3
version/zabbix server/2.2.3
version/zabbix server/2.2.3-rc1
version/zabbix server/2.2.3-rc2
version/zabbix server/2.2.4
version/zabbix server/2.2.4-rc1
version/zabbix server/2.2.4-rc2
version/zabbix server/2.2.4-rc3
version/zabbix server/2.2.4-rc4
version/zabbix server/2.2.5
version/zabbix server/2.2.5-rc1
version/zabbix server/2.2.6
version/zabbix server/2.2.6-rc1
version/zabbix server/2.2.7
version/zabbix server/2.2.7-rc1
version/zabbix server/2.2.7-rc2