Multiple SQL injection flaws were discovered[1] in Zabbix's chart_bar.php front end code. Either of these flaws could allow a remote attacker to execute arbitrary SQL commands using the itemid or periods parameters. A patch that fixes these issues is available at [2] or as r47867 in branch svn://svn.zabbix.com/branches/dev/ZBX-8582. [1] https://support.zabbix.com/browse/ZBX-8582 [2] https://github.com/svn2github/zabbix/commit/984bd3bec2d6ca5a80104a5574d19b7f4d04f24b
Created zabbix22 tracking bugs for this issue: Affects: epel-6 [bug 1178879] Affects: epel-7 [bug 1178881]
Created zabbix20 tracking bugs for this issue: Affects: epel-6 [bug 1178878] Affects: epel-7 [bug 1178880]
zabbix22-2.2.9-1.el7 has been pushed to the Fedora EPEL 7 stable repository. If problems still persist, please make note of it in this bug report.
This CVE Bugzilla entry is for community support informational purposes only as it does not affect a package in a commercially supported Red Hat product. Refer to the dependent bugs for status of those individual community products.