- Patch request
- Resolution: False Positive
- Trivial
- None
- 7.0.5
- AlmaLinux 9.5, Nginx 1.24, PHP 8.2 (via dnf module enable ...)
Hello!
I have this detection in my security scanner. Can I protect against this using nginx or by editing any script? I use SAML for authentication, and the internal Admin is protected using OTP.
Using the GET HTTP method, Nessus found that :

+ The following resources may be vulnerable to blind SQL injection :

+ The 'autologin' parameter of the /index.php CGI :

/index.php?password=&name=&autologin=1zz&name=&autologin=1yy

-------- output --------
const PHP_TZ_OFFSETS = [0]; </script><script src="js/browsers.js?1729500045"></script></head><body><div class="wrapper"><main><div class="server-name">zabbix.domain.com</div><div class="signin-container"><div class="signin-logo"><div class="zabbix-logo"></div></div><form method="post" action="index.php" accept-charset="utf-8" aria-label="Sign in"><ul><li><label for="name">Us [...]
-------- vs --------
const PHP_TZ_OFFSETS = [0]; </script><script src="js/browsers.js?1729500045"></script></head><body><div class="wrapper"><main><div class="server-name">zabbix.domain.com</div><div class="signin-container"><div class="signin-logo"><div class="zabbix-logo"></div></div><form method="post" action="index.php" accept-charset="utf-8" aria-label="Sign in"><ul><li><label for="name">Us [...]
------------------------

+ The 'autologin' parameter of the //index.php CGI :

//index.php?password=&name=&autologin=1zz&name=&autologin=1yy

-------- output --------
const PHP_TZ_OFFSETS = [0]; </script><script src="js/browsers.js?1729500045"></script></head><body><div class="wrapper"><main><div class="server-name">zabbix.domain.com</div><div class="signin-container"><div class="signin-logo"><div class="zabbix-logo"></div></div><form method="post" action="index.php" accept-charset="utf-8" aria-label="Sign in"><ul><li><label for="name">Us [...]
-------- vs --------
const PHP_TZ_OFFSETS = [0]; </script><script src="js/browsers.js?1729500045"></script></head><body><div class="wrapper"><main><div class="server-name">zabbix.domain.com</div><div class="signin-container"><div class="signin-logo"><div class="zabbix-logo"></div></div><form method="post" action="index.php" accept-charset="utf-8" aria-label="Sign in"><ul><li><label for="name">Us [...]
------------------------