Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2012-3435

Overview

Vulnerability Score 7.5 7.5
CVE Id CVE-2012-3435
Last Modified 21 Mar 2013 11:11:31
Published 15 Aug 2012 04:55:03
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2012-3435

Summary

SQL injection vulnerability in frontends/php/popup_bitem.php in Zabbix 1.8.15rc1 and earlier, and 2.x before 2.0.2rc1, allows remote attackers to execute arbitrary SQL commands via the itemid parameter.

Vulnerable Systems

Application

  • Zabbix 1.1

  • Zabbix 1.1.1

  • Zabbix 1.1.2

  • Zabbix 1.1.3

  • Zabbix 1.1.4

  • Zabbix 1.1.5

  • Zabbix 1.1.6

  • Zabbix 1.1.7

  • Zabbix 1.3

  • Zabbix 1.3.1

  • Zabbix 1.3.2

  • Zabbix 1.3.3

  • Zabbix 1.3.4

  • Zabbix 1.3.5

  • Zabbix 1.3.6

  • Zabbix 1.3.7

  • Zabbix 1.3.8

  • Zabbix 1.4.2

  • Zabbix 1.4.3

  • Zabbix 1.4.4

  • Zabbix 1.4.5

  • Zabbix 1.4.6

  • Zabbix 1.5

  • Zabbix 1.5.1

  • Zabbix 1.5.2

  • Zabbix 1.5.3

  • Zabbix 1.5.4

  • Zabbix 1.6

  • Zabbix 1.6.1

  • Zabbix 1.6.2

  • Zabbix 1.6.3

  • Zabbix 1.6.4

  • Zabbix 1.6.5

  • Zabbix 1.6.6

  • Zabbix 1.6.7

  • Zabbix 1.6.8

  • Zabbix 1.6.9

  • Zabbix 1.7

  • Zabbix 1.7.1

  • Zabbix 1.7.2

  • Zabbix 1.7.3

  • Zabbix 1.7.4

  • Zabbix 1.8

  • Zabbix 1.8.1

  • Zabbix 1.8.15

  • Zabbix 1.8.2

  • Zabbix 1.8.3

  • Zabbix 2.0.0

  • Zabbix 2.0.1


References

CONFIRM - https://support.zabbix.com/browse/ZBX-5348

XF - zabbix-popupbitem-sql-injection(77195)

BID - 54661

MLIST - [oss-security] 20120728 Re: Zabbix SQL injection flaw (CVE request)

MLIST - [oss-security] 20120727 Zabbix SQL injection flaw (CVE request)

EXPLOIT-DB - 20087

SECUNIA - 49809

OSVDB - 84127

CONFIRM - http://git.zabbixzone.com/zabbix2.0/.git/commitdiff/333a3a5542ba8a2c901c24b7bf5440f41f1f4f54

DEBIAN - DSA-2539

SECUNIA - 50475


Last Updated: 27 May 2016 11:00:34