CVE-2016-10134

Опубликовано: 17 фев. 2017

Источник: debian

Описание

SQL injection vulnerability in Zabbix before 2.2.14 and 3.0 before 3.0.4 allows remote attackers to execute arbitrary SQL commands via the toggle_ids array parameter in latest.php.

Пакеты

Пакет	Статус	Версия исправления	Релиз	Тип
zabbix	fixed	1:3.0.4+dfsg-1		package

Примечания

https://support.zabbix.com/browse/ZBX-11023
https://www.openwall.com/lists/oss-security/2017/01/12/4

Связанные уязвимости

CVE-2016-10134

CVSS3: 9.8

ubuntu

почти 9 лет назад

SQL injection vulnerability in Zabbix before 2.2.14 and 3.0 before 3.0.4 allows remote attackers to execute arbitrary SQL commands via the toggle_ids array parameter in latest.php.

CVE-2016-10134

CVSS3: 9.8

nvd

почти 9 лет назад

SQL injection vulnerability in Zabbix before 2.2.14 and 3.0 before 3.0.4 allows remote attackers to execute arbitrary SQL commands via the toggle_ids array parameter in latest.php.

GHSA-q33m-pmcq-844x

CVSS3: 9.8

github

больше 3 лет назад

SQL injection vulnerability in Zabbix before 2.2.14 and 3.0 before 3.0.4 allows remote attackers to execute arbitrary SQL commands via the toggle_ids array parameter in latest.php.