[ZBX-2257] Zabbix <= 1.8.1 SQL Injection Created: 2010 Apr 01 Updated: 2017 May 30 Resolved: 2010 Apr 01 |
|
Status: | Closed |
Project: | ZABBIX BUGS AND ISSUES |
Component/s: | API (A) |
Affects Version/s: | 1.8, 1.8.1 |
Fix Version/s: | 1.8.2 |
Type: | Incident report | Priority: | Major |
Reporter: | Dawid Golunski (legalhackers.com) | Assignee: | Unassigned |
Resolution: | Fixed | Votes: | 0 |
Labels: | None | ||
Remaining Estimate: | Not Specified | ||
Time Spent: | Not Specified | ||
Original Estimate: | Not Specified | ||
Environment: |
n/a |
Description |
Zabbix API in versions up to 1.8.1 is vulnerable to an SQL Injection attack For more details please check my advisory at http://legalhackers.com/advisories/zabbix181api-sql.txt Issue discovered by: |
Comments |
Comment by Igor Danoshaites (Inactive) [ 2010 Apr 01 ] |
This problem has been fixed in the Zabbix v1.8.2. |