漏洞描述
Zabbix SIA Zabbix是拉脱维亚Zabbix SIA公司的一套开源的监控系统。Zabbix SIA Zabbix中存在SQL注入漏洞。该漏洞源于基于数据库的应用缺少对外部输入SQL语句的验证。攻击者可利用该漏洞执行非法SQL命令。以下产品及版本受到影响:Zabbix SIA Zabbix 1.8.18rc1之前的1.8.x版本,2.0.9rc1之前的2.0.x版本,2.1.7之前的2.1.x版本。
Zabbix /httpmon.php 路径存在SQL注入
PoC代码
暂无相关漏洞推荐
- Zabbix /api_jsonrpc.php SQL 注入漏洞(CVE-2024-36465)
- POC CVE-2024-22120: Zabbix Server - Time-Based Blind SQL injection
- POC CVE-2016-10134: Zabbix - SQL Injection
- POC CVE-2019-17382: Zabbix <=4.4 - Authentication Bypass
- POC CVE-2022-23131: Zabbix - SAML SSO Authentication Bypass
- POC CVE-2022-23134: Zabbix Setup Configuration Authentication Bypass
- POC CVE-2022-26148: Grafana & Zabbix Integration - Credentials Disclosure
- POC CVE-2016-10134: Zabbix SQL Injection Vulnerability
- POC CVE-2022-23131: Zabbix - SAML SSO Authentication Bypass
- POC CVE-2022-23134: Zabbix Setup Configuration Authentication Bypass
- POC CVE-2022-26148: Grafana & Zabbix Integration - Credentials Disclosure
- POC zabbix-default-password: Zabbix Default Password
- POC zabbix-authentication-bypass: Zabbix authentication Bypass