CVE-2010-0712 in Zenoss
Summary
by MITRE
Multiple SQL injection vulnerabilities in zport/dmd/Events/getJSONEventsInfo in Zenoss 2.3.3, and other versions before 2.5, allow remote authenticated users to execute arbitrary SQL commands via the (1) severity, (2) state, (3) filter, (4) offset, and (5) count parameters.
Analysis
by VulDB Data Team • 05/01/2026
CVE-2010-0712 is a critical SQL injection flaw in the Zenoss monitoring platform, affecting version 2.3.3 and other versions before 2.5. The vulnerability resides in the zport/dmd/Events/getJSONEventsInfo endpoint, which serves as a crucial interface for event management and reporting within Zenoss. The affected versions were widely deployed across enterprise environments for infrastructure monitoring, which makes the flaw particularly dangerous: it can be exploited by any attacker who already possesses valid credentials to the system.
The vulnerability stems from improper input validation and sanitization in the web application's event handling functionality. Attackers can manipulate five parameters (severity, state, filter, offset, and count) to inject malicious SQL into the backend database queries. This is possible because the application incorporates user-supplied parameters directly into SQL statements without parameterization or input sanitization. The vulnerability falls under CWE-89 (SQL Injection), manifesting as an authenticated SQL injection vector that uses the application's legitimate event retrieval functionality to execute unauthorized database operations.
The operational impact extends beyond simple data theft: the flaw enables complete database compromise, including data exfiltration, modification of monitoring events, and potential privilege escalation within the Zenoss environment. An attacker with valid credentials could exploit this vulnerability to access sensitive monitoring data, manipulate event logs, and potentially gain access to underlying system information that would normally be restricted. Because the attack is authenticated, an attacker who already holds legitimate access needs no initial reconnaissance or credential harvesting and can use that access to escalate privileges within the monitoring infrastructure. This vulnerability directly aligns with ATT&CK technique T1078.004 for Valid Accounts and T1046 for Network Service Scanning, as it exploits legitimate access to perform database manipulation and information gathering.
Organizations affected by this vulnerability should immediately implement mitigations including upgrading to Zenoss version 2.5 or later where the vulnerability has been patched. The fix typically involves proper parameterization of SQL queries and input validation of all user-supplied parameters within the affected endpoint. Additional defensive measures should include implementing web application firewalls to detect and block suspicious SQL injection patterns, conducting regular security assessments of monitoring platforms, and establishing network segmentation to limit the potential impact of successful exploitation. The vulnerability demonstrates the critical importance of input validation in web applications and highlights how authenticated attack vectors can be leveraged to achieve database-level compromise, making it essential for security teams to maintain up-to-date monitoring platform versions and implement comprehensive security controls around administrative interfaces.
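The parameterization and input validation described above, shown as an added example that is not Zenoss code or the vendor's patch: a hypothetical event-query handler that takes the five parameters named in the CVE, with an assumed table layout, assumed value ranges, and SQLite standing in for the real backend.

```python
import sqlite3

# Hypothetical handler and schema (not Zenoss code); only the five
# parameter names come from the CVE description. Ranges are assumed.

def make_db():
    """In-memory events table filled with constructed sample rows."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE events (id INTEGER PRIMARY KEY, "
               "severity INTEGER, state INTEGER, summary TEXT)")
    db.executemany(
        "INSERT INTO events (severity, state, summary) VALUES (?, ?, ?)",
        [(5, 0, "disk full on web01"), (3, 0, "ping timeout db02"),
         (4, 0, "cpu at 100% on app03"), (2, 1, "cert expires soon")])
    return db

def _bounded_int(name, value, lo, hi):
    """Accept only a short ASCII decimal integer inside [lo, hi]."""
    text = str(value).strip()
    if not (text.isascii() and text.isdigit() and len(text) <= 9):
        raise ValueError(f"{name}: not a plain integer")
    number = int(text)
    if not lo <= number <= hi:
        raise ValueError(f"{name}: outside {lo}..{hi}")
    return number

def _like_literal(text):
    """Escape LIKE metacharacters so the filter matches as literal text."""
    for ch in ("\\", "%", "_"):
        text = text.replace(ch, "\\" + ch)
    return "%" + text + "%"

def get_events(db, severity, state, filter_text, offset, count):
    """Validate every request parameter, then bind all of them."""
    sev = _bounded_int("severity", severity, 0, 5)
    st = _bounded_int("state", state, 0, 2)
    off = _bounded_int("offset", offset, 0, 1_000_000)
    cnt = _bounded_int("count", count, 1, 500)
    # The SQL text is constant: no request data is concatenated into it,
    # including LIMIT/OFFSET, which are easy to overlook.
    sql = ("SELECT id, severity, state, summary FROM events "
           "WHERE severity >= ? AND state = ? "
           "AND summary LIKE ? ESCAPE '\\' "
           "ORDER BY id LIMIT ? OFFSET ?")
    rows = db.execute(sql, (sev, st, _like_literal(str(filter_text)), cnt, off))
    return rows.fetchall()
```

Numeric parameters that fail validation raise ValueError before any query runs, and the free-text filter only ever reaches the database as a bound value.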