Vulnerability Description
SQL injection vulnerability in the user.authenticate method in the API in Zabbix 1.8 before 1.8.2 allows remote attackers to execute arbitrary SQL commands via the user parameter in JSON data to api_jsonrpc.php.
CVSS Score
7.5
HIGH
AV:N/AC:L/Au:N/C:P/I:P/A:P
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Zabbix | Zabbix | 1.8 |
Related Weaknesses (CWE)
References
- http://archives.neohapsis.com/archives/fulldisclosure/2010-04/0001.htmlExploit
- http://legalhackers.com/advisories/zabbix181api-sql.txtExploit
- http://legalhackers.com/poc/zabbix181api.pl-pocExploit
- http://secunia.com/advisories/39119Vendor Advisory
- http://www.osvdb.org/63456
- http://www.securityfocus.com/archive/1/510480/100/0/threaded
- http://www.securityfocus.com/bid/39148Exploit
- http://www.vupen.com/english/advisories/2010/0799Vendor Advisory
- http://www.zabbix.com/rn1.8.2.phpPatch
- http://archives.neohapsis.com/archives/fulldisclosure/2010-04/0001.htmlExploit
- http://legalhackers.com/advisories/zabbix181api-sql.txtExploit
- http://legalhackers.com/poc/zabbix181api.pl-pocExploit
- http://secunia.com/advisories/39119Vendor Advisory
- http://www.osvdb.org/63456
- http://www.securityfocus.com/archive/1/510480/100/0/threaded
FAQ
What is CVE-2010-1277?
CVE-2010-1277 is a vulnerability with a CVSS score of 7.5 (HIGH). SQL injection vulnerability in the user.authenticate method in the API in Zabbix 1.8 before 1.8.2 allows remote attackers to execute arbitrary SQL commands via the user parameter in JSON data to api_j...
How severe is CVE-2010-1277?
CVE-2010-1277 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2010-1277?
Check the references section above for vendor advisories and patch information. Affected products include: Zabbix Zabbix.