Details

    • Type: Bug Bug
    • Status: Closed
    • Priority: Major Major
    • Resolution: Fixed
    • Affects Version/s: 1.8, 1.8.1
    • Fix Version/s: 1.8.2
    • Component/s: API (A)
    • Labels:
      None
    • Environment:
      n/a

      Description

      Zabbix API in versions up to 1.8.1 is vulnerable to an SQL Injection attack
      which can be exploited without any authentication.

      For more details please check my advisory at http://legalhackers.com/advisories/zabbix181api-sql.txt

      Issue discovered by:
      Dawid Golunski (legalhackers.com)

        Activity

        Hide
        Igor Danoshaites added a comment -

        This problem has been fixed in the Zabbix v1.8.2.

        Show
        Igor Danoshaites added a comment - This problem has been fixed in the Zabbix v1.8.2.

          People

          • Assignee:
            Igor Danoshaites
            Reporter:
            Dawid Golunski (legalhackers.com)
          • Votes:
            0 Vote for this issue
            Watchers:
            0 Start watching this issue

            Dates

            • Created:
              Updated:
              Resolved: