zabbix-2.0.11: multiple CVEs #30997

Closed
pbogdan opened this issue Oct 30, 2017 · 3 comments

@pbogdan
Member

pbogdan commented Oct 30, 2017

Issue description

  • CVE-2014-9450

    Multiple SQL injection vulnerabilities in chart_bar.php in the frontend in Zabbix before 1.8.22, 2.0.x before 2.0.14, and 2.2.x before 2.2.8 allow remote attackers to execute arbitrary SQL commands via the (1) itemid or (2) periods parameter.

  • CVE-2016-4338

    The mysql user parameter configuration script (userparameter_mysql.conf) in the agent in Zabbix before 2.0.18, 2.2.x before 2.2.13, and 3.0.x before 3.0.3, when used with a shell other than bash, allows context-dependent attackers to execute arbitrary code or SQL commands via the mysql.size parameter.

@disassembler
Member

Let's move these to #30959 and close this out.

@pbogdan
Member Author

pbogdan commented Oct 30, 2017

Please feel free to move / close out as needed.

@disassembler
Member

Moved to roundup. Thanks for reporting!
