Zabbix < 1.8.18 / 2.0.9 Multiple SQL Injection Vulnerabilities

Nessus Network Monitor Plugin ID 8049 (Medium)

Synopsis

The remote host is running a web application that is vulnerable to a SQL-injection attack.

Description

The remote host is running Zabbix, an IT monitoring service. Versions of Zabbix earlier than 1.8.18 or 2.0.9 contain a number of SQL injection vulnerabilities reachable via the API and the web front end. The following API methods are reported to be vulnerable:

- alert.get: time_from, time_till
- event.get: object, source, eventid_from, eventid_till
- graphitem.get: type
- graph.get: type
- graphprototype.get: type
- history.get: time_from, time_till
- trigger.get: lastChangeSince, lastChangeTill, min_severity
- triggerprototype.get: min_severity
- usergroup.get: status

Other pages vulnerable to SQL injection include the "Dashboard", "Graphs", "Maps", "Latest data" and "Screens" pages in the "Monitoring" section. Successful attacks allow an attacker to gain access to the database and execute arbitrary SQL statements.

Solution

Upgrade to Zabbix 2.0.9 / 1.8.18 or later. Additionally, patches are available for versions 2.0.8 / 1.8.17 / 1.8.2.

See Also

https://support.zabbix.com/browse/ZBX-7091

http://packetstormsecurity.com/files/123511/Zabbix-2.0.8-SQL-Injection.html

Plugin Details

Severity: Medium

ID: 8049

Family: Generic

Published: 11/12/2010

Updated: 3/6/2019

Nessus ID: 70497

Risk Information

VPR

Risk Factor: High

Score: 7.4

CVSS v2

Risk Factor: Medium

Base Score: 6.8

Temporal Score: 5.9

Vector: CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P

CVSS v3

Risk Factor: Medium

Base Score: 5.6

Temporal Score: 5.4

Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L

Temporal Vector: CVSS:3.0/E:X/RL:O/RC:C

Vulnerability Information

CPE: cpe:/a:zabbix:zabbix

Patch Publication Date: 10/2/2013

Vulnerability Publication Date: 10/2/2013

Exploitable With

Metasploit (linux/http/zabbix_sqli.rb)

Reference Information

CVE: CVE-2013-5743

BID: 62794