Description: Zabbix is an enterprise-level open source solution with a web-based interface that provides distributed system monitoring and network monitoring functions. There is a SQL injection vulnerability in the toggle_ids[] or profileIdx2 parameters of Zabbix's latest.php and jsrpc.php. An attacker can obtain the administrator account password through the SQL injection, then log in to the admin backend and obtain a shell.

Impact: An attacker who successfully exploits the vulnerability can inject arbitrary SQL commands to view or change the target's database.

Affected OS: Linux, FreeBSD, Solaris, Others

Reference: https://support.zabbix.com/browse/ZBX-11023