Summary
This host is running Zabbix and is prone to SQL injection vulnerability.
Impact
Successful exploitation will allow attacker to perform SQL Injection attack and gain sensitive information.
Impact Level: Application
Solution
Upgrade to Zabbix version 1.8.9 or later
For updates refer to http://www.zabbix.com/index.php
Insight
The flaw is due to improper validation of user-supplied input passed via the 'only_hostid' parameter to 'popup.php', which allows attackers to manipulate SQL queries by injecting arbitrary SQL code.
Affected
Zabbix version 1.8.4 and prior
References
Severity
Classification
-
CVE CVE-2011-4674 -
CVSS Base Score: 7.5
AV:N/AC:L/Au:N/C:P/I:P/A:P
Related Vulnerabilities