Multiple SQL injection flaws were discovered in Zabbix's chart_bar.php front end code. Either of these flaws could allow a remote attacker to execute arbitrary SQL commands using the itemid or periods parameters.
A patch that fixes these issues is available at  or as r47867 in branch svn://svn.zabbix.com/branches/dev/ZBX-8582.
Created zabbix22 tracking bugs for this issue:
Affects: epel-6 [bug 1178879]
Affects: epel-7 [bug 1178881]
Created zabbix20 tracking bugs for this issue:
Affects: epel-6 [bug 1178878]
Affects: epel-7 [bug 1178880]
zabbix22-2.2.9-1.el7 has been pushed to the Fedora EPEL 7 stable repository. If problems still persist, please make note of it in this bug report.
This CVE Bugzilla entry is for community support informational purposes only as it does not affect a package in a commercially supported Red Hat product. Refer to the dependent bugs for status of those individual community products.