CVE-2016-10134

SQL injection vulnerability in Zabbix before 2.2.14 and 3.0 before 3.0.4 allows remote attackers to execute arbitrary SQL commands via the toggle_ids array parameter in latest.php.

Published : 2017-02-17 02:59 Updated : 2017-11-04 01:29

CVSS Score: 7.5 / 10
| Vendor | Product | Version | URI |
|--------|---------|---------|-----|
| Zabbix | Zabbix | 2.2.13 | cpe:/a:zabbix:zabbix:2.2.13 |
| Zabbix | Zabbix | 3.0.2 | cpe:/a:zabbix:zabbix:3.0.2 |
| Zabbix | Zabbix | 3.0.3 | cpe:/a:zabbix:zabbix:3.0.3 |
| Zabbix | Zabbix | 3.0.0 | cpe:/a:zabbix:zabbix:3.0.0 |
| Zabbix | Zabbix | 3.0.1 | cpe:/a:zabbix:zabbix:3.0.1 |

CWE

| ID | Name | Description | Links |
|----|------|-------------|-------|
| CWE-89 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') | The software constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. | CVE |
