5 matches found
CVE-2010-1277
SQL injection vulnerability in the user.authenticate method in the API in Zabbix 1.8 before 1.8.2 allows remote attackers to execute arbitrary SQL commands via the user parameter in JSON data to apijsonrpc.php...
Design/Logic Flaw
Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2010-0751, CVE-2010-1277. Reason: this candidate was intended for one issue, but it was accidentally assigned to two different issues, one for libnids and another for Zabbix. Notes: All CVE users should consult CVE-2010-0751 libni...
CVE-2010-1277
SQL injection vulnerability in the user.authenticate method in the API in Zabbix 1.8 before 1.8.2 allows remote attackers to execute arbitrary SQL commands via the user parameter in JSON data to apijsonrpc.php...
CVE-2010-1277
Zabbix 1.8.x before 1.8.2 is affected by an SQL injection in the API’s user.authenticate via the JSON payload to api_jsonrpc.php. The issue allows remote attackers to execute arbitrary SQL commands. Per connected advisories, upgrade to the latest Zabbix package (Gentoo GLSA 201311-15 recommends &...
CVE-2010-1277
SQL injection vulnerability in the user.authenticate method in the API in Zabbix 1.8 before 1.8.2 allows remote attackers to execute arbitrary SQL commands via the user parameter in JSON data to apijsonrpc.php...