Arbitrary SQL Command Execution in Zabbix Frontend (versions 1.8.15rc1 and earlier, and 2.x before 2.0.2rc1)
CVE-2012-3435 · HIGH Severity
AV:N/AC:L/AU:N/C:P/I:P/A:P
SQL injection vulnerability in frontends/php/popup_bitem.php in Zabbix 1.8.15rc1 and earlier, and 2.x before 2.0.2rc1, allows remote attackers to execute arbitrary SQL commands via the itemid parameter.
Learn more about our Web Application Penetration Testing UK.