[ZBX-2257] Zabbix <= 1.8.1 SQL Injection
Created: 2010 Apr 01
Updated: 2017 May 30
Resolved: 2010 Apr 01

Status: Closed
Project: ZABBIX BUGS AND ISSUES
Component/s: API (A)
Affects Version/s: 1.8, 1.8.1
Fix Version/s: 1.8.2

Type: Incident report
Priority: Major
Reporter: Dawid Golunski (legalhackers.com)
Assignee: Unassigned
Resolution: Fixed
Votes: 0
Labels: None
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified
Environment: n/a



 Description   

The Zabbix API in versions up to 1.8.1 is vulnerable to an SQL injection attack
which can be exploited without any authentication.

For more details please check my advisory at http://legalhackers.com/advisories/zabbix181api-sql.txt

Issue discovered by:
Dawid Golunski (legalhackers.com)



 Comments   
Comment by Igor Danoshaites (Inactive) [ 2010 Apr 01 ]

This problem has been fixed in Zabbix v1.8.2.
