Description

Zabbix 2.0.8 is vulnerable to an SQL injection vulnerability, which may allow an attacker to execute malicious SQL statements that control a web application's database server.

Remediation

Upgrade to the latest version of Zabbix.

References

SEC Consult Vulnerability Lab Security Advisory 20131004-0

SQL injection vulnerabilities in the API and frontend

CVE-2013-5743

Related Vulnerabilities

WordPress Plugin WP Email Users SQL Injection (1.4.3)

WordPress Plugin SpiderCatalog SQL Injection (1.7.3)

WordPress Plugin Advanced Booking Calendar SQL Injection (1.6.1)

WordPress Plugin Edit Comments SQL Injection (0.3)

WordPress Plugin SH Slideshow 'ajax.php' SQL Injection (3.1.4)

Severity

High

Classification

CVE-2013-5743 CWE-89 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:N CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N

Tags

SQL Injection