Details

    • Type: Incident report
    • Status: Closed
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: 1.8, 1.8.1
    • Fix Version/s: 1.8.2
    • Component/s: API (A)
    • Labels:
      None
    • Environment:
      n/a

      Description

      Zabbix API in versions up to 1.8.1 is vulnerable to an SQL Injection attack
      which can be exploited without any authentication.

      For more details please check my advisory at http://legalhackers.com/advisories/zabbix181api-sql.txt

      Issue discovered by:
      Dawid Golunski (legalhackers.com)

        Attachments

          Activity

            People

            • Assignee:
              Unassigned
              Reporter:
              dawid_golunski Dawid Golunski (legalhackers.com)
            • Votes:
              0 Vote for this issue
              Watchers:
              0 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved: