ZABBIX 'DBcondition' Parameter SQL Injection Vulnerability Network Vulnerability

Summary

ZABBIX is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database. Versions prior to ZABBIX 1.8.2 are vulnerable.

Solution

Updates are available. Please see the references for details.

References

http://www.securityfocus.com/bid/39148
http://www.zabbix.com/index.php
http://www.zabbix.com/rn1.8.2.php

Updated on 2015-03-25

Severity

Classification

CVE CVE-2010-1277
CVSS Base Score: 7.5
AV:N/AC:L/Au:N/C:P/I:P/A:P

Related Vulnerabilities

Apache Struts2 Showcase Skill Name Remote Code Execution Vulnerability
Apache Tomcat AJP Protocol Security Bypass Vulnerability
AdPeeps 'index.php' Multiple Vulnerabilities.
A Really Simple Chat Multiple SQL Injection Vulnerabilities
Apache Tomcat Windows Installer Privilege Escalation Vulnerability

Take action and discover your vulnerabilities