Uploaded image for project: 'ZABBIX BUGS AND ISSUES'
  1. ZABBIX BUGS AND ISSUES
  2. ZBX-5144

SQL injection bug in frontend database configuration page (quotes not correctly escaped in password)

    XMLWordPrintable

Details

    • Incident report
    • Resolution: Fixed
    • Major
    • 2.0.2rc1, 2.1.0
    • 2.0.0
    • Frontend (F)
    • None
    • Linux Debian Squeeze, Apache 2.2.16, PostgreSQL 9.1, php 5.3.3

    Description

      On database configuration page, entering a quote (') in the password leads to an SQL error :

      For example : if the password is foo'bar :

      pg_connect(): Unable to connect to PostgreSQL server: missing "=" after "bar'" in connection info string [include/db.inc.php:98]

      Attachments

        Activity

          People

            Unassigned Unassigned
            sleibo SĂ©tphane Leibovitsch
            Votes:
            0 Vote for this issue
            Watchers:
            0 Start watching this issue

            Dates

              Created:
              Updated:
              Resolved: