Summary
ZABBIX API and Frontend are prone to multiple SQL-injection vulnerabilities.
Impact
A successful exploit may allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.
Solution
Updates are available. Please see the references or vendor advisory for more information.
Insight
A remote attacker could send specially crafted SQL statements to multiple API methods using multiple parameters, which could allow the attacker to view, add, modify or delete information in the back-end database.
Affected
ZABBIX prior to 2.0.9
ZABBIX prior to 1.8.18
Detection
Send a specially crafted HTTP GET request and check the response.
References
Updated on 2015-03-25
Severity
Classification
CVE: CVE-2013-5743
CVSS Base Score: 9.3
AV:N/AC:M/Au:N/C:C/I:C/A:C