Lucene search

[email protected]NVD:CVE-2010-1277

HistoryApr 06, 2010 - 4:30 p.m.

CVE-2010-1277

2010-04-0616:30:00

CWE-89

[email protected]

web.nvd.nist.gov

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

8.2 High

AI Score

Confidence

Low

0.006 Low

EPSS

Percentile

78.4%

JSON

SQL injection vulnerability in the user.authenticate method in the API in Zabbix 1.8 before 1.8.2 allows remote attackers to execute arbitrary SQL commands via the user parameter in JSON data to api_jsonrpc.php.

Affected configurations

NVD

Node

zabbixzabbixMatch1.8

zabbixzabbixMatch1.8.1

References

archives.neohapsis.com/archives/fulldisclosure/2010-04/0001.html

legalhackers.com/advisories/zabbix181api-sql.txt

legalhackers.com/poc/zabbix181api.pl-poc

secunia.com/advisories/39119

www.osvdb.org/63456

www.securityfocus.com/archive/1/510480/100/0/threaded

www.securityfocus.com/bid/39148

www.vupen.com/english/advisories/2010/0799

www.zabbix.com/rn1.8.2.php

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

8.2 High

AI Score

Confidence

Low

0.006 Low

EPSS

Percentile

78.4%

JSON

Related for NVD:CVE-2010-1277

prion2 cve2 cvelist1 debiancve1 ubuntucve1 openvas2 nvd1 nessus1 gentoo1