CVE-2010-1277

Опубликовано: 06 апр. 2010

Источник: nvd

CVSS2: 7.5

EPSS Низкий

Описание

SQL injection vulnerability in the user.authenticate method in the API in Zabbix 1.8 before 1.8.2 allows remote attackers to execute arbitrary SQL commands via the user parameter in JSON data to api_jsonrpc.php.

Ссылки

http://archives.neohapsis.com/archives/fulldisclosure/2010-04/0001.html
Exploit
http://legalhackers.com/advisories/zabbix181api-sql.txt
Exploit
http://legalhackers.com/poc/zabbix181api.pl-poc
Exploit
http://secunia.com/advisories/39119
Vendor Advisory
http://www.osvdb.org/63456
http://www.securityfocus.com/archive/1/510480/100/0/threaded
http://www.securityfocus.com/bid/39148
Exploit
http://www.vupen.com/english/advisories/2010/0799
Vendor Advisory
http://www.zabbix.com/rn1.8.2.php
Patch
http://archives.neohapsis.com/archives/fulldisclosure/2010-04/0001.html
Exploit
http://legalhackers.com/advisories/zabbix181api-sql.txt
Exploit
http://legalhackers.com/poc/zabbix181api.pl-poc
Exploit
http://secunia.com/advisories/39119
Vendor Advisory
http://www.osvdb.org/63456
http://www.securityfocus.com/archive/1/510480/100/0/threaded
http://www.securityfocus.com/bid/39148
Exploit
http://www.vupen.com/english/advisories/2010/0799
Vendor Advisory
http://www.zabbix.com/rn1.8.2.php
Patch

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:zabbix:zabbix:1.8:*:*:*:*:*:*:*

cpe:2.3:a:zabbix:zabbix:1.8.1:*:*:*:*:*:*:*

EPSS

Процентиль: 81%

0.01516

Низкий

7.5 High

CVSS2

Дефекты

CWE-89

Связанные уязвимости

CVE-2010-1277

ubuntu

почти 16 лет назад

CVE-2010-1277

debian

почти 16 лет назад

SQL injection vulnerability in the user.authenticate method in the API ...

GHSA-g6qx-w624-hvrq

github

почти 4 года назад

EPSS

Процентиль: 81%

0.01516

Низкий

7.5 High

CVSS2

Дефекты

CWE-89