Description
SQL injection vulnerability in frontends/php/popup_bitem.php in Zabbix 1.8.15rc1 and earlier, and 2.x before 2.0.2rc1, allows remote attackers to execute arbitrary SQL commands via the itemid parameter.
Core References
Exploit (exploit, x_refsource_exploit-db): http://www.exploit-db.com/exploits/20087
Third Party Advisory (third-party-advisory, x_refsource_secunia): http://secunia.com/advisories/50475
Exploit, Patch (x_refsource_confirm): http://git.zabbixzone.com/zabbix2.0/.git/commitdiff/333a3a5542ba8a2c901c24b7bf5440f41f1f4f54
Third Party Advisory (vendor-advisory, x_refsource_debian): http://www.debian.org/security/2012/dsa-2539
Various Sources (x_refsource_confirm): https://support.zabbix.com/browse/ZBX-5348
Vendor Advisory (third-party-advisory, x_refsource_secunia): http://secunia.com/advisories/49809
Mailing List (mailing-list, x_refsource_mlist): http://www.openwall.com/lists/oss-security/2012/07/27/6
Exploit (vdb-entry, x_refsource_bid): http://www.securityfocus.com/bid/54661
Third Party Advisory, VDB Entry (vdb-entry, x_refsource_osvdb): http://osvdb.org/84127
Mailing List (mailing-list, x_refsource_mlist): http://www.openwall.com/lists/oss-security/2012/07/28/3
Third Party Advisory, VDB Entry (vdb-entry, x_refsource_xf): https://exchange.xforce.ibmcloud.com/vulnerabilities/77195
Scores
EPSS: 0.0180
EPSS Percentile: 82.9%
Details
CWE: CWE-89
Status: published
Products (39)
zabbix/zabbix 1.1 (12 CPE variants)
zabbix/zabbix 1.1.1
zabbix/zabbix 1.1.2
zabbix/zabbix 1.1.3
zabbix/zabbix 1.1.4
zabbix/zabbix 1.1.5
zabbix/zabbix 1.1.6
zabbix/zabbix 1.1.7
zabbix/zabbix 1.3 beta
zabbix/zabbix 1.3.1 beta
... and 29 more
Published: Aug 15, 2012
Tracked Since: Feb 18, 2026