Zabbix » Zabbix » 1.1.3 : Security Vulnerabilities, CVEs, (Sql injection)

cpe:2.3:a:zabbix:zabbix:1.1.3:*:*:*:*:*:*:*

CVE-2016-10134

Public exploit
SQL injection vulnerability in Zabbix before 2.2.14 and 3.0 before 3.0.4 allows remote attackers to execute arbitrary SQL commands via the toggle_ids array parameter in latest.php.
Max CVSS
9.8
EPSS Score
5.37%
Published
2017-02-17
Updated
2017-11-04

CVE-2014-9450

Multiple SQL injection vulnerabilities in chart_bar.php in the frontend in Zabbix before 1.8.22, 2.0.x before 2.0.14, and 2.2.x before 2.2.8 allow remote attackers to execute arbitrary SQL commands via the (1) itemid or (2) periods parameter.
Max CVSS
7.5
EPSS Score
0.24%
Published
2015-01-02
Updated
2015-01-06

CVE-2012-3435

SQL injection vulnerability in frontends/php/popup_bitem.php in Zabbix 1.8.15rc1 and earlier, and 2.x before 2.0.2rc1, allows remote attackers to execute arbitrary SQL commands via the itemid parameter.
Max CVSS
7.5
EPSS Score
0.25%
Published
2012-08-15
Updated
2017-08-29

CVE-2010-5049

SQL injection vulnerability in events.php in Zabbix 1.8.1 and earlier allows remote attackers to execute arbitrary SQL commands via the nav_time parameter.
Max CVSS
7.5
EPSS Score
0.23%
Published
2011-11-23
Updated
2018-10-10

CVE-2009-4499

SQL injection vulnerability in the get_history_lastid function in the nodewatcher component in Zabbix Server before 1.6.8 allows remote attackers to execute arbitrary SQL commands via a crafted request, possibly related to the send_history_last_id function in zabbix_server/trapper/nodehistory.c.
Max CVSS
7.5
EPSS Score
0.14%
Published
2009-12-31
Updated
2010-02-02
5 vulnerabilities found
This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!
Accept Close