[ZBX-11023] SQL injection vulnerabilities in "Latest data" Created: 2016 Jul 22 Updated: 2019 Mar 28 Resolved: 2016 Jul 22 |
|
Status: | Closed |
Project: | ZABBIX BUGS AND ISSUES |
Component/s: | None |
Affects Version/s: | 2.2.13, 3.0.3 |
Fix Version/s: | 2.2.14rc1, 3.0.4rc1, 3.2.0alpha1 |
Type: | Problem report | Priority: | Blocker |
Reporter: | Alexander Vladishev | Assignee: | Unassigned |
Resolution: | Fixed | Votes: | 0 |
Labels: | vulnerability | ||
|
Description |
Zabbix 2.2.x, 3.0.x and trunk suffer from a remote SQL injection vulnerability due to a failure to sanitize input in the toggle_ids array in the latest.php page.

For example:

Result SQL (0.000361): INSERT INTO profiles (profileid, userid, idx, value_int, type, idx2) VALUES (88, 1, 'web.latest.toggle', '1', 2, 15385); select * from users where (1=1)
latest.php:746 → require_once() → CProfile::flush() → CProfile::insertDB() → DBexecute() in /home/sasha/zabbix-svn/branches/2.2/frontends/php/include/profiles.inc.php:185 |
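The failure described in this report, as an added example (not Zabbix source code and not the committed fix): an element of a request array concatenated into an INSERT as if it were an integer, next to strict ID validation combined with a prepared statement. The function names, the reduced profiles table and the in-memory pdo_sqlite database are assumptions; the sample input is constructed to reproduce the idx2 value visible in the trace above.

```php
<?php
// Added example; function names are hypothetical, columns follow the INSERT in the report.

// Vulnerable pattern: a request array element is concatenated as if it were an integer.
function buildProfileInsertUnsafe(int $profileid, int $userid, string $idx, $idx2): string {
    return "INSERT INTO profiles (profileid, userid, idx, value_int, type, idx2) VALUES ("
        . $profileid . ", " . $userid . ", '" . $idx . "', '1', 2, " . $idx2 . ")";
}

// Hardened step 1: accept only an array whose elements are plain decimal IDs.
function validateIds($raw): array {
    if (!is_array($raw)) {
        throw new InvalidArgumentException('toggle_ids must be an array');
    }
    $ids = [];
    foreach ($raw as $value) {
        // ctype_digit() rejects signs, spaces and trailing SQL. An (int) cast would
        // silently truncate "15385); select ..." to 15385 and hide the malformed request.
        // The 19-digit bound is an assumption of this example (fits a signed 64-bit column).
        if (!is_string($value) || !ctype_digit($value) || strlen($value) > 19) {
            throw new InvalidArgumentException('toggle_ids element is not an ID');
        }
        $ids[] = $value;
    }
    return $ids;
}

// Hardened step 2: values travel as bound parameters, never as SQL text.
function insertProfiles(PDO $db, int $userid, string $idx, array $ids): void {
    $stmt = $db->prepare('INSERT INTO profiles (userid, idx, value_int, type, idx2) VALUES (?, ?, 1, 2, ?)');
    foreach ($ids as $id) {
        $stmt->execute([$userid, $idx, $id]);
    }
}

// Constructed request reproducing the idx2 value seen in the report's SQL trace.
$request = ['toggle_ids' => ['15385); select * from users where (1=1']];
echo buildProfileInsertUnsafe(88, 1, 'web.latest.toggle', $request['toggle_ids'][0]), "\n";

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE profiles (profileid INTEGER PRIMARY KEY, userid INTEGER, idx TEXT, value_int INTEGER, type INTEGER, idx2 INTEGER)');
try {
    insertProfiles($db, 1, 'web.latest.toggle', validateIds($request['toggle_ids']));
} catch (InvalidArgumentException $e) {
    echo 'rejected: ', $e->getMessage(), "\n";
}
insertProfiles($db, 1, 'web.latest.toggle', validateIds(['15385']));
echo $db->query('SELECT COUNT(*) FROM profiles')->fetchColumn(), " row(s) stored\n";
```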
Comments |
Comment by Alexander Vladishev [ 2016 Jul 22 ] |
3.0 and trunk were fixed in development branch svn://svn.zabbix.com/branches/dev/DEV-551-30 |
Comment by Alexander Vladishev [ 2016 Jul 22 ] |
(1) No translation strings changed iivs CLOSED |
Comment by Ivo Kurzemnieks [ 2016 Jul 22 ] |
(2) Minor coding style fix for 3.0 in r61169 sasha Thanks! CLOSED |
Comment by Alexander Vladishev [ 2016 Jul 22 ] |
Fixed in 2.2.14 r61173, 3.0.4 r61174 and pre-3.1.0 (trunk) r61175. |
Comment by richlv [ 2016 Sep 07 ] |
Could it be that jsrpc.php was affected, too? If so, the changelog entry should probably be changed to either include all affected endpoints, or at least not exclusively mention latest data.