漏洞描述
zabbix 是一个基于WEB界面的提供分布式系统监视以及网络监视功能的企业级的开源解决方案。CVE-2022-23131 中,若zabbix 开启了SAML SSO 单点登录认证功能,则攻击者可构造恶意的请求从而通过认证,以Admin身份进入Zabbix控制台,造成敏感信息泄漏,或者远程命令执行。
Zabbix SAML SSO /index_sso.php 登录绕过漏洞
PoC代码
暂无相关漏洞推荐
- Zabbix /api_jsonrpc.php SQL 注入漏洞(CVE-2024-36465)
- POC CVE-2024-22120: Zabbix Server - Time-Based Blind SQL injection
- POC CVE-2016-10134: Zabbix - SQL Injection
- POC CVE-2019-17382: Zabbix <=4.4 - Authentication Bypass
- POC CVE-2022-23131: Zabbix - SAML SSO Authentication Bypass
- POC CVE-2022-23134: Zabbix Setup Configuration Authentication Bypass
- POC CVE-2022-26148: Grafana & Zabbix Integration - Credentials Disclosure
- POC CVE-2016-10134: Zabbix SQL Injection Vulnerability
- POC CVE-2022-23131: Zabbix - SAML SSO Authentication Bypass
- POC CVE-2022-23134: Zabbix Setup Configuration Authentication Bypass
- POC CVE-2022-26148: Grafana & Zabbix Integration - Credentials Disclosure
- POC zabbix-default-password: Zabbix Default Password
- POC zabbix-authentication-bypass: Zabbix authentication Bypass