Zabbix <= 1.8.1 SQL Injection

XMLWordPrintable

    • Type: Incident report
    • Resolution: Fixed
    • Priority: Major
    • 1.8.2
    • Affects Version/s: 1.8, 1.8.1
    • Component/s: API (A)
    • None
    • Environment:
      n/a

      Zabbix API in versions up to 1.8.1 is vulnerable to an SQL Injection attack
      which can be exploited without any authentication.

      For more details please check my advisory at http://legalhackers.com/advisories/zabbix181api-sql.txt

      Issue discovered by:
      Dawid Golunski (legalhackers.com)

            Assignee:
            Unassigned
            Reporter:
            Dawid Golunski (legalhackers.com)
            Votes:
            0 Vote for this issue
            Watchers:
            0 Start watching this issue

              Created:
              Updated:
              Resolved: