ZABBIX 'popup.php' Information Disclosure Vulnerability Network Vulnerability

Summary

ZABBIX is prone to an information-disclosure vulnerability because it fails to sufficiently validate user-supplied data. An attacker can exploit this issue to read the contents of arbitrary database tables. This may allow the attacker to obtain sensitive information other attacks are also possible. Version prior to ZABBIX 1.8.7 are vulnerable.

Solution

Updates are available. Please see the reference for more details.

References

http://www.securityfocus.com/bid/49277
http://www.zabbix.com/index.php
https://support.zabbix.com/browse/ZBX-3955

Updated on 2015-03-25

Severity

Classification

CVE CVE-2011-3265
CVSS Base Score: 5.0
AV:N/AC:L/Au:N/C:P/I:N/A:N

Related Vulnerabilities

/cgi-bin directory browsable ?
Adobe BlazeDS XML and XML External Entity Injection Vulnerabilities
@Mail WebMail Email Body HTML Injection Vulnerability
AdaptCMS Lite Cross Site Scripting and Remote File Include Vulnerabilities
11in1 Cross Site Request Forgery and Local File Include Vulnerabilities

Take action and discover your vulnerabilities