Arbitrary SQL Command Execution in Zabbix Frontend (versions 1.8.15rc1 and earlier, and 2.x before 2.0.2rc1)

CVE-2012-3435 · HIGH Severity

CVSS v2 vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

SQL injection vulnerability in frontends/php/popup_bitem.php in Zabbix 1.8.15rc1 and earlier, and 2.x before 2.0.2rc1, allows remote attackers to execute arbitrary SQL commands via the itemid parameter.
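For defenders reviewing web server logs for this issue, the following added example (not part of the original advisory and not Zabbix code) flags requests to popup_bitem.php whose itemid value is not a plain decimal integer. It assumes combined-format access logs and that legitimate itemid values are numeric; the function name and the log lines are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Constructed sample access-log lines (combined log format), not real traffic.
SAMPLE_LOG = """\
192.0.2.10 - - [01/Aug/2012:10:00:01 +0000] "GET /zabbix/popup_bitem.php?itemid=22915 HTTP/1.1" 200 5120
192.0.2.11 - - [01/Aug/2012:10:00:07 +0000] "GET /zabbix/popup_bitem.php?itemid=22915%27 HTTP/1.1" 200 812
192.0.2.12 - - [01/Aug/2012:10:00:09 +0000] "GET /zabbix/popup_bitem.php?itemid=1%20AND%201%3D1 HTTP/1.1" 200 5120
192.0.2.13 - - [01/Aug/2012:10:00:12 +0000] "GET /zabbix/items.php?itemid=abc HTTP/1.1" 200 300
192.0.2.14 - - [01/Aug/2012:10:00:15 +0000] "POST /zabbix/popup_bitem.php HTTP/1.1" 200 5120
"""

# Client address and request target from a combined-format log line.
REQUEST_RE = re.compile(r'^(\S+) .*?"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

# Assumption: a legitimate itemid is a non-empty run of ASCII digits.
NUMERIC_ID_RE = re.compile(r"[0-9]+")


def suspicious_itemid_requests(log_text):
    """Return (client, decoded_itemid) for popup_bitem.php requests whose
    itemid query parameter is not a plain decimal integer."""
    hits = []
    for line in log_text.splitlines():
        match = REQUEST_RE.match(line)
        if not match:
            continue  # not a request line we can parse
        client, target = match.groups()
        url = urlsplit(target)
        # Only the script named in the advisory is in scope.
        if not url.path.endswith("/popup_bitem.php"):
            continue
        # parse_qs percent-decodes values, so encoded quotes and spaces are
        # compared in decoded form; repeated itemid parameters are all checked.
        params = parse_qs(url.query, keep_blank_values=True)
        for value in params.get("itemid", []):
            if not NUMERIC_ID_RE.fullmatch(value):
                hits.append((client, value))
    return hits


if __name__ == "__main__":
    for client, value in suspicious_itemid_requests(SAMPLE_LOG):
        print(f"{client}\titemid={value!r}")
```

Access logs normally record only the query string, so an itemid sent in a POST body (the last sample line) is not visible to this check and needs request-body logging or a WAF rule instead.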