Date: Fri, 27 Jul 2012 17:05:02 -0600
From: Vincent Danen <>
Subject: Zabbix SQL injection flaw (CVE request)

Could a CVE be assigned to this please?

An SQL injection flaw was found in Zabbix, where input passed via the
"itemid" parameter to popup_bitem.php is not properly sanitized before
being used in an SQL query.

The report was against version 2.0.1, but the upstream bug report [1]
indicates this also affects 1.8.x.  Upstream has patched [2] this, and
there is a potential patch for 1.8.x [3].


Other references:


Vincent Danen / Red Hat Security Response Team 
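
A log check for the flaw described in the message above, as an added example that is not part of the original post or of Zabbix's code: it flags requests to popup_bitem.php whose "itemid" value is not a plain decimal integer. The Apache-style log format, the /zabbix/ path prefix, the sample lines and the premise that legitimate "itemid" values are purely numeric are assumptions made for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Constructed sample lines in Apache combined-log style (not real traffic).
# The /zabbix/ prefix is an assumed install path.
SAMPLE_LOG = """\
192.0.2.10 - - [27/Jul/2012:10:00:01 +0000] "GET /zabbix/popup_bitem.php?itemid=23296 HTTP/1.1" 200 5120
192.0.2.44 - - [27/Jul/2012:10:00:07 +0000] "GET /zabbix/popup_bitem.php?itemid=23296%27 HTTP/1.1" 200 811
192.0.2.44 - - [27/Jul/2012:10:00:09 +0000] "GET /zabbix/popup_bitem.php?itemid=1%20OR%201%3D1 HTTP/1.1" 200 811
192.0.2.10 - - [27/Jul/2012:10:00:12 +0000] "GET /zabbix/items.php?itemid=abc HTTP/1.1" 200 900
"""

# client, identd, user, [timestamp], "METHOD target PROTOCOL"
REQUEST_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+) [^"]*"')
NUMERIC_ID = re.compile(r"[0-9]+")  # ASCII digits only, at least one


def suspicious_itemid_requests(log_text, script="popup_bitem.php"):
    """Return (client, decoded_value) for each non-numeric itemid sent to `script`."""
    findings = []
    for line in log_text.splitlines():
        m = REQUEST_RE.match(line)
        if not m:
            continue  # not a request line we can parse
        client, _method, target = m.groups()
        url = urlsplit(target)
        if not url.path.endswith("/" + script):
            continue  # only the script named in the report
        # parse_qs percent-decodes values, so encoded quotes and spaces are seen
        params = parse_qs(url.query, keep_blank_values=True)
        for name, values in params.items():
            # PHP also accepts array forms such as "itemid[]"; compare the base name
            if name.split("[", 1)[0] != "itemid":
                continue
            for value in values:
                if not NUMERIC_ID.fullmatch(value):
                    findings.append((client, value))
    return findings


if __name__ == "__main__":
    for client, value in suspicious_itemid_requests(SAMPLE_LOG):
        print(f"{client} sent non-numeric itemid: {value!r}")
```

Only the query string is inspected; parameters sent in a POST body do not appear in this log format and need a different data source.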
