ZBX-26485 (ZABBIX BUGS AND ISSUES)

Zabbix Server Web UI CGI Generic SQL Injection (blind)


    • S25-W42/43, S25-W44/45
    • 0.5

      Steps to reproduce:

      1. Scan using Tenable (Web vulnerability)

      Result:

      Expected:
      The parameter autologin must be validated.


      To fix the issue, line 51 of:

      https://git.zabbix.com/projects/ZBX/repos/zabbix/browse/ui/index.php

      must be replaced

      from:

      $autologin = hasRequest('enter') ? getRequest('autologin', 0) : getRequest('autologin', 1);

      to:

      $autologin = hasRequest('enter') ? getRequest('autologin', 0) == "1" : getRequest('autologin', 1) == "1";

      This way, it prevents the false positive in the Tenable report.
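The proposed one-line change above coerces `autologin` to a boolean with a loose `== "1"` comparison, so whatever string the scanner sends never reaches the session logic as free-form input. The following is an added example, not Zabbix's own code and not the patch from the report: it generalizes the same idea into a strict allow-list check that also rejects arrays (`?autologin[]=1`), numeric strings other than `0`/`1`, and similar malformed values, while keeping the `enter`-dependent default from index.php. The helper names `validateBooleanParam()` and `resolveAutologin()` and the `$cases` array are constructed for this example and stand in for `$_REQUEST`.

```php
<?php
// Added example (not Zabbix's own code): strict validation of a boolean-like
// request parameter such as `autologin`. Assumes the hypothetical helpers
// below and a constructed $request array standing in for $_REQUEST.

declare(strict_types=1);

/**
 * Return 0 or 1 for a parameter that may only carry the strings "0" or "1".
 * Anything else (arrays, "true", "1abc", "01", whitespace) falls back to
 * $default, so the rest of the application never sees an untrusted string.
 */
function validateBooleanParam(array $request, string $name, int $default): int
{
    if (!array_key_exists($name, $request)) {
        return $default;
    }
    $value = $request[$name];
    // Reject arrays and anything that is not exactly "0" or "1" (strict in_array).
    if (!is_string($value) || !in_array($value, ['0', '1'], true)) {
        return $default;
    }
    return (int) $value;
}

/**
 * Mirror of the index.php logic: the default is 0 when the login form was
 * submitted (`enter` present) and 1 otherwise.
 */
function resolveAutologin(array $request): int
{
    $default = array_key_exists('enter', $request) ? 0 : 1;
    return validateBooleanParam($request, 'autologin', $default);
}

// Constructed sample requests covering the normal and malformed cases.
$cases = [
    'login form, box ticked'    => ['enter' => 'Sign in', 'autologin' => '1'],
    'login form, box unticked'  => ['enter' => 'Sign in'],
    'plain GET, no parameter'   => [],
    'malformed scalar'          => ['autologin' => '1abc'],
    'array instead of scalar'   => ['autologin' => ['1']],
    'numeric but not 0/1'       => ['enter' => 'Sign in', 'autologin' => '2'],
];

foreach ($cases as $label => $request) {
    // Expected: 1, 0, 1, 1, 1, 0 (malformed values collapse to the default).
    printf("%-26s => autologin=%d\n", $label, resolveAutologin($request));
}
```

The design point is that the value handed to the session code is always an `int` produced by the validator, never the request string itself; a scanner that mutates the parameter then observes identical behaviour for every malformed input, which is what removes the blind-injection heuristic's signal.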


            gberzina Ginta Berzina
            jmasse Jo Masse
            Team B
            Votes: 0
            Watchers: 5
            Logged: 4h