Zabbix up to 1.8.17/2.0.8/2.1.6 SQL injection


A vulnerability classified as critical was found in Zabbix up to 1.8.17/2.0.8/2.1.6 (Network Management Software). It affects an unknown functionality. Upgrading to version 1.8.18rc1, 2.0.9rc1 or 2.1.7 eliminates this vulnerability. A possible mitigation was published before, not after, the disclosure of the vulnerability.

Field | 12/12/2019 08:36 AM | 12/12/2019 08:41 AM
name | Zabbix | Zabbix
version | <=1.8.17/2.0.8/2.1.6 | <=1.8.17/2.0.8/2.1.6
discoverydate | 1380672000 | 1380672000
risk | 2 | 2
cvss2_vuldb_basescore | 6.8 | 6.8
cvss2_vuldb_tempscore | 5.9 | 5.9
cvss2_vuldb_av | N | N
cvss2_vuldb_ac | M | M
cvss2_vuldb_au | N | N
cvss2_vuldb_ci | P | P
cvss2_vuldb_ii | P | P
cvss2_vuldb_ai | P | P
cvss3_meta_basescore | 8.5 | 8.5
cvss3_meta_tempscore | 8.2 | 8.2
cvss3_vuldb_basescore | 7.3 | 7.3
cvss3_vuldb_tempscore | 7.0 | 7.0
cvss3_vuldb_av | N | N
cvss3_vuldb_ac | L | L
cvss3_vuldb_pr | N | N
cvss3_vuldb_ui | N | N
cvss3_vuldb_s | U | U
cvss3_vuldb_c | L | L
cvss3_vuldb_i | L | L
cvss3_vuldb_a | L | L
date | 1576022400 (12/11/2019) | 1576022400 (12/11/2019)
url | https://admin.fedoraproject.org/updates/zabbix-1.8.18-1.el6 | https://admin.fedoraproject.org/updates/zabbix-1.8.18-1.el6
price_0day | $0-$5k | $0-$5k
name | Upgrade | Upgrade
date | 1380672000 (10/02/2013) | 1380672000 (10/02/2013)
upgrade_version | 1.8.18rc1/2.0.9rc1/2.1.7 | 1.8.18rc1/2.0.9rc1/2.1.7
cve | CVE-2013-5743 | CVE-2013-5743
osvdb | 98116 | 98116
nessus_id | 70497 | 70497
location | Website | Website
cvss2_vuldb_e | H | H
cvss2_vuldb_rl | OF | OF
cvss2_vuldb_rc | ND | ND
cvss3_vuldb_e | H | H
cvss3_vuldb_rl | O | O
cvss3_vuldb_rc | X | X
cvss3_nvd_basescore | 9.8 | 9.8
type | Network Management Software
cwe | 089 (sql injection)
cvss2_nvd_av | N
cvss2_nvd_ac | L
cvss2_nvd_au | N
cvss2_nvd_ci | P
cvss2_nvd_ii | P
cvss2_nvd_ai | P
cvss3_nvd_av | N
cvss3_nvd_ac | L
cvss3_nvd_pr | N
cvss3_nvd_ui | N
cvss3_nvd_s | U
cvss3_nvd_c | H
cvss3_nvd_i | H
cvss3_nvd_a | H
cve_assigned | 1379289600
cve_nvd_summary | Multiple SQL injection vulnerabilities in Zabbix 1.8.x before 1.8.18rc1, 2.0.x before 2.0.9rc1, and 2.1.x before 2.1.7.
securityfocus | 62794
nessus_name | Zabbix < 1.8.18rc1 / 2.0.9rc1 / 2.1.7 Multiple SQL Injections
nessus_filename | zabbix_frontend_1_8_18rc1.nasl
nessus_risk | Medium
nessus_family | CGI abuses
nessus_type | remote
nessus_date | 1382054400 (10/18/2013)
openvas_id | 867773
openvas_filename | gb_fedora_2014_7603_zabbix_fc19.nasl
openvas_title | Fedora Update for zabbix FEDORA-2014-7603
openvas_family | Fedora Local Security Checks
msf_id | zabbix_sqli.rb
msf_filename | metasploit-framework/modules/exploits/linux/http/zabbix_sqli.rb
msf_title | Zabbix 2.0.8 SQL Injection and Remote Code Execution
d2sec_url | http://www.d2sec.com/exploits/zabbix_api_jsonrpc.php_multiple_api_method_sql_injection.html
d2sec_name | Zabbix api_jsonrpc.php Multiple API Method SQL Injection