  1. ZABBIX BUGS AND ISSUES
  2. ZBX-8582

SQL injection in Zabbix frontend.

    Details

      Description

      In /chart_bar.php, line 163:

      $itemid = $item['itemid'];

      $itemid is a value from GPC (GET, POST, COOKIE) at line 54 of the same file.

      Code from /chart_bar.php:

      Line:54 $items = get_request('items', array());
      ......
      Line:162 foreach ($items as $item) {
      Line:163 $itemid = intval($item['itemid']);
      Line:174 ' WHERE itemid='.$itemid.

      There is a SQL injection vulnerability in $sql_arr because $itemid can be evil.

            Reporter:
            leann Liang.Xu
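
The pattern described in the report, next to a stricter way to handle the same input. This is an added example, not Zabbix code and not part of the original report; the function names, the table name `history_sample` and the sample `$items` array are hypothetical and constructed for illustration.

```php
<?php
// Added example, not Zabbix source. Function names and the table name
// "history_sample" are hypothetical; $items mimics get_request('items', array()).

// Pattern from the report: the request value is concatenated as-is.
function where_unsafe(array $item): string {
    return 'SELECT value FROM history_sample WHERE itemid=' . $item['itemid'];
}

// Strict check: accept only a scalar made of decimal digits, reject the rest.
function parse_itemid($raw): ?int {
    if (!is_string($raw) && !is_int($raw)) {
        return null;                       // arrays, null, floats, bools
    }
    $raw = (string) $raw;
    if ($raw === '' || !ctype_digit($raw) || strlen($raw) > 18) {
        return null;                       // empty, non-digit, or too long for int
    }
    return (int) $raw;
}

// Hardened builder: validated ids only, value passed as a bound parameter.
function where_safe(array $items): array {
    $queries = [];
    foreach ($items as $item) {
        $id = is_array($item) ? parse_itemid($item['itemid'] ?? null) : null;
        if ($id === null) {
            continue;                      // drop malformed entries
        }
        $queries[] = ['SELECT value FROM history_sample WHERE itemid=?', [$id]];
    }
    return $queries;
}

// Constructed sample input, shaped like items[0][itemid]=... in a request.
$items = [
    ['itemid' => '23296'],
    ['itemid' => '23296 OR 1=1'],          // extra SQL text after the id
    ['itemid' => ['x']],                   // nested array instead of a scalar
    'not-an-array',
];

echo where_unsafe($items[1]), "\n";        // the extra text lands inside the WHERE clause
echo intval($items[1]['itemid']), "\n";    // intval() keeps leading digits, raises no error
print_r(where_safe($items));               // malformed entries are rejected, not coerced
```

`intval()` removes the injection but silently accepts malformed input; rejecting it outright and binding the value keeps bad requests visible in validation rather than hiding them.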