Published: 17/02/2017 Updated: 04/11/2017

CVSS v2 Base Score: 7.5 | Impact Score: 6.4 | Exploitability Score: 10

CVSS v3 Base Score: 9.8 | Impact Score: 5.9 | Exploitability Score: 3.9

VMScore: 794

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

SQL injection vulnerability in Zabbix prior to 2.2.14 and 3.0 prior to 3.0.4 allows remote malicious users to execute arbitrary SQL commands via the toggle_ids array parameter in latest.php.

Vulnerable Product	Search on Vulmon	Subscribe to Product
zabbix zabbix 3.0.0
zabbix zabbix 3.0.2
zabbix zabbix
zabbix zabbix 3.0.3
zabbix zabbix 3.0.1

Debian Bug report logs - #850936 zabbix: CVE-2016-10134: SQL injection vulnerabilities in Latest data Package: zabbix-frontend-php; Maintainer for zabbix-frontend-php is Dmitry Smirnov <onlyjob@debianorg>; Source for zabbix-frontend-php is src:zabbix (PTS, buildd, popcon) Reported by: Ivan <ivan@ivanbayancom> Date: ...

An SQL injection vulnerability has been discovered in the Latest data page of the web frontend of the Zabbix network monitoring system For the stable distribution (jessie), this problem has been fixed in version 1:227+dfsg-2+deb8u2 For the upcoming stable distribution (stretch), this problem has been fixed in version 1:307+dfsg-1 For the unst ...

CWE-89 https://support.zabbix.com/browse/ZBX-11023 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=850936 http://www.securityfocus.com/bid/95423 http://www.openwall.com/lists/oss-security/2017/01/13/4 http://www.openwall.com/lists/oss-security/2017/01/12/4 https://code610.blogspot.com/2017/10/zbx-11023-quick-autopsy.html http://www.debian.org/security/2017/dsa-3802 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=850936 https://nvd.nist.gov https://www.debian.org/security/./dsa-3802

CVE-2016-10134

Vulnerability Summary

Vulnerability Trend

Vendor Advisories

References

Vulmon Search

About

Products

Connect