ZABBIX 'nav_time' Parameter SQL Injection Vulnerability Network Vulnerability

Summary

ZABBIX is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database. ZABBIX versions 1.8.1 and prior are vulnerable.

References

http://www.securityfocus.com/bid/39752
http://www.zabbix.com/index.php

Updated on 2015-03-25

Severity

Classification

CVE CVE-2010-5049

CVSS	Base Score: 7.5 AV:N/AC:L/Au:N/C:P/I:P/A:P

Related Vulnerabilities

Athena Web Registration remote command execution flaw
Andy's PHP Knowledgebase 's' Parameter SQL Injection Vulnerability
Awstats Configuration File Remote Arbitrary Command Execution Vulnerability
Adobe ColdFusion Information Disclosure Vulnerability
AproxEngine Multiple Remote Input Validation Vulnerabilities

Take action and discover your vulnerabilities