ZABBIX Popup_bitem.php 'itemid' Parameter SQL Injection Vulnerabilit Network Vulnerability

Summary

ZABBIX is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database. ZABBIX versions 2.0.1 and earlier are affected.

Solution

Updates are available. Please see the references for more details.

References

https://support.zabbix.com/browse/ZBX-5348

Updated on 2015-03-25

Severity

Classification

CVSS	Base Score: 7.5 AV:N/AC:L/Au:N/C:P/I:P/A:P

Related Vulnerabilities

AlefMentor Multiple SQL Injection Vulnerabilities
Acute Control Panel SQL Injection Vulnerability and Remote File Include Vulnerability
Apache Struts2 'URL' & 'Anchor' tags Arbitrary Java Method Execution Vulnerabilities
Apache Archiva Multiple Remote Command Execution Vulnerabilities
ARRIS 2307 Unprotected Web Console

ZABBIX popup_bitem.php 'itemid' Parameter SQL Injection Vulnerabilit

Take action and discover your vulnerabilities