漏洞类别:CGI
漏洞等级: 
漏洞信息
Zabbix is enterprise-class open source software for monitoring and tracking the status of various network services, servers and other network hardware.
The vulnerability exists in the jsrpc.php source file that fails to sanitize user-supplied input received via the profileIdx2 argument. An unauthenticated, remote attacker could exploit this vulnerability by transmitting crafted HTTP GET requests to inject malicious SQL code in a targeted Zabbix installation.
Affected Versions:
Zabbix versions prior to 2.2.14
Zabbix versions prior to 3.0.4
漏洞危害
Successful exploitation allows an unauthenticated, remote attacker to manipulate SQL queries by injecting arbitrary SQL code or further exploit latent vulnerabilities in the underlying database.
解决方案
Customers are advised to upgrade to Zabbix 2.2.14, 3.0.4 or later versions to remediate this vulnerability.
Patch:
Following are links for downloading patches to fix the vulnerabilities:
0day
文章评论