Lucene search

[email protected]CVE-2012-3435

HistoryAug 15, 2012 - 8:55 p.m.

CVE-2012-3435

2012-08-1520:55:03

CWE-89

[email protected]

web.nvd.nist.gov

cve-2012-3435

sql injection

zabbix

remote execution

nvd

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

8.2 High

AI Score

Confidence

Low

0.002 Low

EPSS

Percentile

59.2%

JSON

SQL injection vulnerability in frontends/php/popup_bitem.php in Zabbix 1.8.15rc1 and earlier, and 2.x before 2.0.2rc1, allows remote attackers to execute arbitrary SQL commands via the itemid parameter.

Affected configurations

NVD

Node

zabbixzabbixRange≤1.8.15rc1

zabbixzabbixMatch1.1

zabbixzabbixMatch1.1beta10

zabbixzabbixMatch1.1beta11

zabbixzabbixMatch1.1beta12

zabbixzabbixMatch1.1beta2

zabbixzabbixMatch1.1beta3

zabbixzabbixMatch1.1beta4

zabbixzabbixMatch1.1beta5

zabbixzabbixMatch1.1beta6

zabbixzabbixMatch1.1beta7

zabbixzabbixMatch1.1beta8

zabbixzabbixMatch1.1beta9

zabbixzabbixMatch1.1.1

zabbixzabbixMatch1.1.2

zabbixzabbixMatch1.1.3

zabbixzabbixMatch1.1.4

zabbixzabbixMatch1.1.5

zabbixzabbixMatch1.1.6

zabbixzabbixMatch1.1.7

zabbixzabbixMatch1.3beta

zabbixzabbixMatch1.3.1beta

zabbixzabbixMatch1.3.2beta

zabbixzabbixMatch1.3.3beta

zabbixzabbixMatch1.3.4beta

zabbixzabbixMatch1.3.5beta

zabbixzabbixMatch1.3.6beta

zabbixzabbixMatch1.3.7beta

zabbixzabbixMatch1.3.8beta

zabbixzabbixMatch1.4.2

zabbixzabbixMatch1.4.3

zabbixzabbixMatch1.4.4

zabbixzabbixMatch1.4.5

zabbixzabbixMatch1.4.6

zabbixzabbixMatch1.5beta

zabbixzabbixMatch1.5.1beta

zabbixzabbixMatch1.5.2beta

zabbixzabbixMatch1.5.3beta

zabbixzabbixMatch1.5.4beta

zabbixzabbixMatch1.6

zabbixzabbixMatch1.6.1

zabbixzabbixMatch1.6.2

zabbixzabbixMatch1.6.3

zabbixzabbixMatch1.6.4

zabbixzabbixMatch1.6.5

zabbixzabbixMatch1.6.6

zabbixzabbixMatch1.6.7

zabbixzabbixMatch1.6.8

zabbixzabbixMatch1.6.9

zabbixzabbixMatch1.7

zabbixzabbixMatch1.7.1

zabbixzabbixMatch1.7.2

zabbixzabbixMatch1.7.3

zabbixzabbixMatch1.7.4

zabbixzabbixMatch1.8

zabbixzabbixMatch1.8.1

zabbixzabbixMatch1.8.2

zabbixzabbixMatch1.8.3rc1

zabbixzabbixMatch1.8.3rc2

zabbixzabbixMatch1.8.3rc3

zabbixzabbixMatch2.0.0

zabbixzabbixMatch2.0.0rc1

zabbixzabbixMatch2.0.0rc2

zabbixzabbixMatch2.0.0rc3

zabbixzabbixMatch2.0.0rc4

zabbixzabbixMatch2.0.0rc5

zabbixzabbixMatch2.0.0rc6

zabbixzabbixMatch2.0.1

zabbixzabbixMatch2.0.1rc1

zabbixzabbixMatch2.0.1rc2

CPENameOperatorVersion
zabbix:zabbixzabbixle1.8.15
zabbix:zabbixzabbixeq1.1
zabbix:zabbixzabbixeq1.1.1
zabbix:zabbixzabbixeq1.1.2
zabbix:zabbixzabbixeq1.1.3
zabbix:zabbixzabbixeq1.1.4
zabbix:zabbixzabbixeq1.1.5
zabbix:zabbixzabbixeq1.1.6
zabbix:zabbixzabbixeq1.1.7
zabbix:zabbixzabbixeq1.3

CPE	Name	Operator	Version
zabbix:zabbix	zabbix	le	1.8.15
zabbix:zabbix	zabbix	eq	1.1
zabbix:zabbix	zabbix	eq	1.1.1
zabbix:zabbix	zabbix	eq	1.1.2
zabbix:zabbix	zabbix	eq	1.1.3
zabbix:zabbix	zabbix	eq	1.1.4
zabbix:zabbix	zabbix	eq	1.1.5
zabbix:zabbix	zabbix	eq	1.1.6
zabbix:zabbix	zabbix	eq	1.1.7
zabbix:zabbix	zabbix	eq	1.3