Jump to:

CVE-2016-10134

Jump to:

CVE-2016-10134

Package zabbix updated to version 3.0.4-alt1 for branch sisyphus in task 167442.

Published: 2017-02-17
Modified: 2024-11-21

CVE-2016-10134

SQL injection vulnerability in Zabbix before 2.2.14 and 3.0 before 3.0.4 allows remote attackers to execute arbitrary SQL commands via the toggle_ids array parameter in latest.php.

Severity: CRITICAL (9.8) Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

References:

DSA-3802
DSA-3802
[oss-security] 20170112 CVE Request: Zabbix: SQL injection vulnerabilities in "Latest data"
[oss-security] 20170112 CVE Request: Zabbix: SQL injection vulnerabilities in "Latest data"
[oss-security] 20170112 Re: CVE Request: Zabbix: SQL injection vulnerabilities in "Latest data"
[oss-security] 20170112 Re: CVE Request: Zabbix: SQL injection vulnerabilities in "Latest data"
95423
95423
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=850936
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=850936
https://code610.blogspot.com/2017/10/zbx-11023-quick-autopsy.html
https://code610.blogspot.com/2017/10/zbx-11023-quick-autopsy.html
https://support.zabbix.com/browse/ZBX-11023
https://support.zabbix.com/browse/ZBX-11023

Version: 2.1.0

Package zabbix update in sisyphus on 2016-07-26

ALT-PU-2016-1782-1

Closed vulnerabilities

CVE-2016-10134