[ZBX-5348] More checks required for popup_bitem.php Created: 2012 Jul 18 Updated: 2020 Jul 16 Resolved: 2012 Jul 30 |
Status: | Closed |
Project: | ZABBIX BUGS AND ISSUES |
Component/s: | Frontend (F) |
Affects Version/s: | 1.8.15rc1, 2.0.1 |
Fix Version/s: | 1.8.15rc1, 2.0.2rc1, 2.1.0 |
Type: | Defect (Security) | Priority: | Critical |
Reporter: | Oleksii Zagorskyi | Assignee: | Unassigned |
Resolution: | Fixed | Votes: | 1 |
Labels: | security |
Remaining Estimate: | Not Specified |
Time Spent: | Not Specified |
Original Estimate: | Not Specified |
Description |
The file "popup_bitem.php" allows the argument "itemid" to be passed unsanitised. |
Comments |
Comment by Alexander Vladishev [ 2012 Jul 19 ] |
Fixed in pre-2.0.2 r28981 and pre-2.1.0 (beta) r28982. |
Comment by Takanori Suzuki [ 2012 Jul 26 ] |
Hi. This issue also affects Zabbix 1.8.x. I made a patch for Zabbix 1.8.x. |
Comment by Alexey Fukalov [ 2012 Jul 30 ] |
dev branch: svn://svn.zabbix.com/branches/dev/ZBX-5348 |
Comment by Toms (Inactive) [ 2012 Jul 31 ] |
TESTED |
Comment by Alexander Vladishev [ 2012 Aug 01 ] |
Also fixed in pre-1.8.15 r29282 |
Comment by Takanori Suzuki [ 2012 Aug 01 ] |
I checked that pre-1.8.15 r29282 works well.