cve-2011-4674

Vulnerability from cvelistv5

Published

2011-12-02 18:00

Modified

2024-08-07 00:09

Severity ?

Summary

SQL injection vulnerability in popup.php in Zabbix 1.8.3 and 1.8.4, and possibly other versions before 1.8.9, allows remote attackers to execute arbitrary SQL commands via the only_hostid parameter.

References

URL	Tags
cve@mitre.org	http://www.exploit-db.com/exploits/18155	Exploit
cve@mitre.org	http://www.securityfocus.com/bid/50803	Exploit
cve@mitre.org	https://exchange.xforce.ibmcloud.com/vulnerabilities/71479
cve@mitre.org	https://support.zabbix.com/browse/ZBX-4385	Exploit

Impacted products

▼	Vendor	Product
	n/a	n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T00:09:19.400Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "18155",
            "tags": [
              "exploit",
              "x_refsource_EXPLOIT-DB",
              "x_transferred"
            ],
            "url": "http://www.exploit-db.com/exploits/18155"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://support.zabbix.com/browse/ZBX-4385"
          },
          {
            "name": "zabbix-popup-sql-injection(71479)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/71479"
          },
          {
            "name": "50803",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/50803"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2011-11-24T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "SQL injection vulnerability in popup.php in Zabbix 1.8.3 and 1.8.4, and possibly other versions before 1.8.9, allows remote attackers to execute arbitrary SQL commands via the only_hostid parameter."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-08-28T12:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "18155",
          "tags": [
            "exploit",
            "x_refsource_EXPLOIT-DB"
          ],
          "url": "http://www.exploit-db.com/exploits/18155"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://support.zabbix.com/browse/ZBX-4385"
        },
        {
          "name": "zabbix-popup-sql-injection(71479)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/71479"
        },
        {
          "name": "50803",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/50803"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2011-4674",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "SQL injection vulnerability in popup.php in Zabbix 1.8.3 and 1.8.4, and possibly other versions before 1.8.9, allows remote attackers to execute arbitrary SQL commands via the only_hostid parameter."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "18155",
              "refsource": "EXPLOIT-DB",
              "url": "http://www.exploit-db.com/exploits/18155"
            },
            {
              "name": "https://support.zabbix.com/browse/ZBX-4385",
              "refsource": "CONFIRM",
              "url": "https://support.zabbix.com/browse/ZBX-4385"
            },
            {
              "name": "zabbix-popup-sql-injection(71479)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/71479"
            },
            {
              "name": "50803",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/50803"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2011-4674",
    "datePublished": "2011-12-02T18:00:00",
    "dateReserved": "2011-12-02T00:00:00",
    "dateUpdated": "2024-08-07T00:09:19.400Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "meta": {
    "nvd": "{\"cve\":{\"id\":\"CVE-2011-4674\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2011-12-02T18:55:02.967\",\"lastModified\":\"2017-08-29T01:30:32.257\",\"vulnStatus\":\"Modified\",\"descriptions\":[{\"lang\":\"en\",\"value\":\"SQL injection vulnerability in popup.php in Zabbix 1.8.3 and 1.8.4, and possibly other versions before 1.8.9, allows remote attackers to execute arbitrary SQL commands via the only_hostid parameter.\"},{\"lang\":\"es\",\"value\":\"Vulnerabilidad de inyecci\u00f3n SQL en popup.php en Zabbix v1.8.3 y v1.8.4, y posiblemente otras versiones anteriores a v1.8.9, permite a atacantes remotos inyectar comandos SQL de su elecci\u00f3n a trav\u00e9s del par\u00e1metro only_hostid\"}],\"metrics\":{\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:N/C:P/I:P/A:P\",\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"PARTIAL\",\"baseScore\":7.5},\"baseSeverity\":\"HIGH\",\"exploitabilityScore\":10.0,\"impactScore\":6.4,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-89\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:zabbix:zabbix:1.8.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"4D4332A9-1D31-41BB-B374-369C583639E8\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:zabbix:zabbix:1.8.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"EF5BE8CC-AC6B-4F9F-9717-26931F524092\"}]}]}],\"references\":[{\"url\":\"http://www.exploit-db.com/exploits/18155\",\"source\":\"cve@mitre.org\",\"tags\":[\"Exploit\"]},{\"url\":\"http://www.securityfocus.com/bid/50803\",\"source\":\"cve@mitre.org\",\"tags\":[\"Exploit\"]},{\"url\":\"https://exchange.xforce.ibmcloud.com/vulnerabilities/71479\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://support.zabbix.com/browse/ZBX-4385\",\"source\":\"cve@mitre.org\",\"tags\":[\"Exploit\"]}]}}"
  }
}

gsd-2011-4674

Vulnerability from gsd

Modified

2023-12-13 01:19

Details

SQL injection vulnerability in popup.php in Zabbix 1.8.3 and 1.8.4, and possibly other versions before 1.8.9, allows remote attackers to execute arbitrary SQL commands via the only_hostid parameter.

Aliases

CVE-2011-4674

Aliases

CVE-2011-4674

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2011-4674",
    "description": "SQL injection vulnerability in popup.php in Zabbix 1.8.3 and 1.8.4, and possibly other versions before 1.8.9, allows remote attackers to execute arbitrary SQL commands via the only_hostid parameter.",
    "id": "GSD-2011-4674"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2011-4674"
      ],
      "details": "SQL injection vulnerability in popup.php in Zabbix 1.8.3 and 1.8.4, and possibly other versions before 1.8.9, allows remote attackers to execute arbitrary SQL commands via the only_hostid parameter.",
      "id": "GSD-2011-4674",
      "modified": "2023-12-13T01:19:05.841936Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "cve@mitre.org",
        "ID": "CVE-2011-4674",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "SQL injection vulnerability in popup.php in Zabbix 1.8.3 and 1.8.4, and possibly other versions before 1.8.9, allows remote attackers to execute arbitrary SQL commands via the only_hostid parameter."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "18155",
            "refsource": "EXPLOIT-DB",
            "url": "http://www.exploit-db.com/exploits/18155"
          },
          {
            "name": "https://support.zabbix.com/browse/ZBX-4385",
            "refsource": "CONFIRM",
            "url": "https://support.zabbix.com/browse/ZBX-4385"
          },
          {
            "name": "zabbix-popup-sql-injection(71479)",
            "refsource": "XF",
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/71479"
          },
          {
            "name": "50803",
            "refsource": "BID",
            "url": "http://www.securityfocus.com/bid/50803"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:zabbix:zabbix:1.8.4:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:zabbix:zabbix:1.8.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2011-4674"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "SQL injection vulnerability in popup.php in Zabbix 1.8.3 and 1.8.4, and possibly other versions before 1.8.9, allows remote attackers to execute arbitrary SQL commands via the only_hostid parameter."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-89"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "50803",
              "refsource": "BID",
              "tags": [
                "Exploit"
              ],
              "url": "http://www.securityfocus.com/bid/50803"
            },
            {
              "name": "https://support.zabbix.com/browse/ZBX-4385",
              "refsource": "CONFIRM",
              "tags": [
                "Exploit"
              ],
              "url": "https://support.zabbix.com/browse/ZBX-4385"
            },
            {
              "name": "18155",
              "refsource": "EXPLOIT-DB",
              "tags": [
                "Exploit"
              ],
              "url": "http://www.exploit-db.com/exploits/18155"
            },
            {
              "name": "zabbix-popup-sql-injection(71479)",
              "refsource": "XF",
              "tags": [],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/71479"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "PARTIAL",
            "baseScore": 7.5,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          "exploitabilityScore": 10.0,
          "impactScore": 6.4,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "HIGH",
          "userInteractionRequired": false
        }
      },
      "lastModifiedDate": "2017-08-29T01:30Z",
      "publishedDate": "2011-12-02T18:55Z"
    }
  }
}

SQL injection vulnerability in popup.php in Zabbix 1.8.3 and 1.8.4, and possibly other versions before 1.8.9, allows remote attackers to execute arbitrary SQL commands via the only_hostid parameter. ZABBIX is a distributed network monitoring system with CS structure. Because applications fail to adequately filter user-provided data before being used in SQL queries, an attacker can exploit a vulnerability to compromise an application, access or modify data, or exploit potential vulnerabilities in the underlying database. ZABBIX is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. ZABBIX versions 1.8.3 and 1.8.4 are vulnerable. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 201311-15

                                        http://security.gentoo.org/

Severity: Normal Title: Zabbix: Multiple vulnerabilities Date: November 25, 2013 Bugs: #312875, #394497, #428372, #452878, #486696 ID: 201311-15

Synopsis

Multiple vulnerabilities have been found in Zabbix, possibly leading to SQL injection attacks, Denial of Service, or information disclosure.

Background

Zabbix is software for monitoring applications, networks, and servers.

Affected packages

-------------------------------------------------------------------
 Package              /     Vulnerable     /            Unaffected
-------------------------------------------------------------------

1 net-analyzer/zabbix < 2.0.9_rc1-r2 >= 2.0.9_rc1-r2

Description

Multiple vulnerabilities have been discovered in Zabbix. Please review the CVE identifiers referenced below for details.

Impact

A remote attacker may be able to execute arbitrary SQL statements, cause a Denial of Service condition, or obtain sensitive information.

Workaround

There is no known workaround at this time.

Resolution

All Zabbix users should upgrade to the latest version:

# emerge --sync # emerge --ask --oneshot -v ">=net-analyzer/zabbix-2.0.9_rc1-r2"

References

[ 1 ] CVE-2010-1277 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1277 [ 2 ] CVE-2011-2904 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2904 [ 3 ] CVE-2011-3263 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3263 [ 4 ] CVE-2011-4674 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-4674 [ 5 ] CVE-2012-3435 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3435 [ 6 ] CVE-2013-1364 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1364 [ 7 ] CVE-2013-5572 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5572

Availability

This GLSA and any updates to it are available for viewing at the Gentoo Security Website:

http://security.gentoo.org/glsa/glsa-201311-15.xml

Concerns?

Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org.

License

The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.5

Show details on source website

JSON

To clipboard

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201112-0335",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "zabbix",
        "scope": "eq",
        "trust": 3.3,
        "vendor": "zabbix",
        "version": "1.8.4"
      },
      {
        "model": "zabbix",
        "scope": "eq",
        "trust": 3.3,
        "vendor": "zabbix",
        "version": "1.8.3"
      },
      {
        "model": "linux",
        "scope": null,
        "trust": 0.3,
        "vendor": "gentoo",
        "version": null
      },
      {
        "model": "zabbix",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "zabbix",
        "version": "1.8.9"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "zabbix",
        "version": "1.8.3"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "zabbix",
        "version": "1.8.4"
      }
    ],
    "sources": [
      {
        "db": "IVD",
        "id": "ccc54b70-1f7d-11e6-abef-000c29c66e3d"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2011-5067"
      },
      {
        "db": "BID",
        "id": "50803"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2011-003195"
      },
      {
        "db": "NVD",
        "id": "CVE-2011-4674"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201112-017"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:zabbix:zabbix:1.8.4:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:zabbix:zabbix:1.8.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2011-4674"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "M?cio Almeida de Mac?o",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201111-443"
      }
    ],
    "trust": 0.6
  },
  "cve": "CVE-2011-4674",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "NVD",
            "availabilityImpact": "PARTIAL",
            "baseScore": 7.5,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 10.0,
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "HIGH",
            "trust": 1.0,
            "userInteractionRequired": false,
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "Low",
            "accessVector": "Network",
            "authentication": "None",
            "author": "NVD",
            "availabilityImpact": "Partial",
            "baseScore": 7.5,
            "confidentialityImpact": "Partial",
            "exploitabilityScore": null,
            "id": "CVE-2011-4674",
            "impactScore": null,
            "integrityImpact": "Partial",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "High",
            "trust": 0.8,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "IVD",
            "availabilityImpact": "PARTIAL",
            "baseScore": 7.5,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 10.0,
            "id": "ccc54b70-1f7d-11e6-abef-000c29c66e3d",
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "severity": "HIGH",
            "trust": 0.2,
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
            "version": "2.9 [IVD]"
          }
        ],
        "cvssV3": [],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2011-4674",
            "trust": 1.8,
            "value": "HIGH"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201112-017",
            "trust": 0.6,
            "value": "HIGH"
          },
          {
            "author": "IVD",
            "id": "ccc54b70-1f7d-11e6-abef-000c29c66e3d",
            "trust": 0.2,
            "value": "HIGH"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "IVD",
        "id": "ccc54b70-1f7d-11e6-abef-000c29c66e3d"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2011-003195"
      },
      {
        "db": "NVD",
        "id": "CVE-2011-4674"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201112-017"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "SQL injection vulnerability in popup.php in Zabbix 1.8.3 and 1.8.4, and possibly other versions before 1.8.9, allows remote attackers to execute arbitrary SQL commands via the only_hostid parameter. ZABBIX is a distributed network monitoring system with CS structure. Because applications fail to adequately filter user-provided data before being used in SQL queries, an attacker can exploit a vulnerability to compromise an application, access or modify data, or exploit potential vulnerabilities in the underlying database. ZABBIX is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. \nZABBIX versions 1.8.3 and 1.8.4 are vulnerable. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\nGentoo Linux Security Advisory                           GLSA 201311-15\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n                                            http://security.gentoo.org/\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\n Severity: Normal\n    Title: Zabbix: Multiple vulnerabilities\n     Date: November 25, 2013\n     Bugs: #312875, #394497, #428372, #452878, #486696\n       ID: 201311-15\n\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\nSynopsis\n========\n\nMultiple vulnerabilities have been found in Zabbix, possibly leading to\nSQL injection attacks, Denial of Service, or information disclosure. \n\nBackground\n==========\n\nZabbix is software for monitoring applications, networks, and servers. \n\nAffected packages\n=================\n\n    -------------------------------------------------------------------\n     Package              /     Vulnerable     /            Unaffected\n    -------------------------------------------------------------------\n  1  net-analyzer/zabbix       \u003c 2.0.9_rc1-r2         \u003e= 2.0.9_rc1-r2\n\nDescription\n===========\n\nMultiple vulnerabilities have been discovered in Zabbix. Please review\nthe CVE identifiers referenced below for details. \n\nImpact\n======\n\nA remote attacker may be able to execute arbitrary SQL statements,\ncause a Denial of Service condition, or obtain sensitive information. \n\nWorkaround\n==========\n\nThere is no known workaround at this time. \n\nResolution\n==========\n\nAll Zabbix users should upgrade to the latest version:\n\n  # emerge --sync\n  # emerge --ask --oneshot -v \"\u003e=net-analyzer/zabbix-2.0.9_rc1-r2\"\n\nReferences\n==========\n\n[ 1 ] CVE-2010-1277\n      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1277\n[ 2 ] CVE-2011-2904\n      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2904\n[ 3 ] CVE-2011-3263\n      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3263\n[ 4 ] CVE-2011-4674\n      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-4674\n[ 5 ] CVE-2012-3435\n      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3435\n[ 6 ] CVE-2013-1364\n      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1364\n[ 7 ] CVE-2013-5572\n      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5572\n\nAvailability\n============\n\nThis GLSA and any updates to it are available for viewing at\nthe Gentoo Security Website:\n\n http://security.gentoo.org/glsa/glsa-201311-15.xml\n\nConcerns?\n=========\n\nSecurity is a primary focus of Gentoo Linux and ensuring the\nconfidentiality and security of our users\u0027 machines is of utmost\nimportance to us. Any security concerns should be addressed to\nsecurity@gentoo.org or alternatively, you may file a bug at\nhttps://bugs.gentoo.org. \n\nLicense\n=======\n\nCopyright 2013 Gentoo Foundation, Inc; referenced text\nbelongs to its owner(s). \n\nThe contents of this document are licensed under the\nCreative Commons - Attribution / Share Alike license. \n\nhttp://creativecommons.org/licenses/by-sa/2.5\n",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2011-4674"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2011-003195"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2011-5067"
      },
      {
        "db": "BID",
        "id": "50803"
      },
      {
        "db": "IVD",
        "id": "ccc54b70-1f7d-11e6-abef-000c29c66e3d"
      },
      {
        "db": "PACKETSTORM",
        "id": "124173"
      }
    ],
    "trust": 2.7
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "BID",
        "id": "50803",
        "trust": 3.1
      },
      {
        "db": "NVD",
        "id": "CVE-2011-4674",
        "trust": 3.0
      },
      {
        "db": "EXPLOIT-DB",
        "id": "18155",
        "trust": 1.6
      },
      {
        "db": "CNVD",
        "id": "CNVD-2011-5067",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201112-017",
        "trust": 0.8
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2011-003195",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201111-443",
        "trust": 0.6
      },
      {
        "db": "XF",
        "id": "71479",
        "trust": 0.6
      },
      {
        "db": "IVD",
        "id": "CCC54B70-1F7D-11E6-ABEF-000C29C66E3D",
        "trust": 0.2
      },
      {
        "db": "PACKETSTORM",
        "id": "124173",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "IVD",
        "id": "ccc54b70-1f7d-11e6-abef-000c29c66e3d"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2011-5067"
      },
      {
        "db": "BID",
        "id": "50803"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2011-003195"
      },
      {
        "db": "PACKETSTORM",
        "id": "124173"
      },
      {
        "db": "NVD",
        "id": "CVE-2011-4674"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201111-443"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201112-017"
      }
    ]
  },
  "id": "VAR-201112-0335",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "IVD",
        "id": "ccc54b70-1f7d-11e6-abef-000c29c66e3d"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2011-5067"
      }
    ],
    "trust": 0.08
  },
  "iot_taxonomy": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "category": [
          "ICS"
        ],
        "sub_category": null,
        "trust": 0.8
      }
    ],
    "sources": [
      {
        "db": "IVD",
        "id": "ccc54b70-1f7d-11e6-abef-000c29c66e3d"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2011-5067"
      }
    ]
  },
  "last_update_date": "2023-12-18T12:11:18.450000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "ZBX-4385",
        "trust": 0.8,
        "url": "https://support.zabbix.com/browse/zbx-4385"
      },
      {
        "title": "ZABBIX \u0027only_hostid\u0027 parameter SQL injection vulnerability patch",
        "trust": 0.6,
        "url": "https://www.cnvd.org.cn/patchinfo/show/6037"
      },
      {
        "title": "zabbix-1.8.9",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=41938"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2011-5067"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2011-003195"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201112-017"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-89",
        "trust": 1.8
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2011-003195"
      },
      {
        "db": "NVD",
        "id": "CVE-2011-4674"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.8,
        "url": "http://www.securityfocus.com/bid/50803"
      },
      {
        "trust": 1.6,
        "url": "http://www.exploit-db.com/exploits/18155"
      },
      {
        "trust": 1.6,
        "url": "https://support.zabbix.com/browse/zbx-4385"
      },
      {
        "trust": 1.0,
        "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/71479"
      },
      {
        "trust": 0.8,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2011-4674"
      },
      {
        "trust": 0.8,
        "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2011-4674"
      },
      {
        "trust": 0.6,
        "url": "http://xforce.iss.net/xforce/xfdb/71479"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-1277"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2011-4674"
      },
      {
        "trust": 0.1,
        "url": "http://creativecommons.org/licenses/by-sa/2.5"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-5572"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-3263"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-3435"
      },
      {
        "trust": 0.1,
        "url": "http://security.gentoo.org/glsa/glsa-201311-15.xml"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-1364"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2011-3263"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2013-1364"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2013-5572"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-4674"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-2904"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2010-1277"
      },
      {
        "trust": 0.1,
        "url": "http://security.gentoo.org/"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2011-2904"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2012-3435"
      },
      {
        "trust": 0.1,
        "url": "https://bugs.gentoo.org."
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2011-5067"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2011-003195"
      },
      {
        "db": "PACKETSTORM",
        "id": "124173"
      },
      {
        "db": "NVD",
        "id": "CVE-2011-4674"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201111-443"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201112-017"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "IVD",
        "id": "ccc54b70-1f7d-11e6-abef-000c29c66e3d"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2011-5067"
      },
      {
        "db": "BID",
        "id": "50803"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2011-003195"
      },
      {
        "db": "PACKETSTORM",
        "id": "124173"
      },
      {
        "db": "NVD",
        "id": "CVE-2011-4674"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201111-443"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201112-017"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2011-11-25T00:00:00",
        "db": "IVD",
        "id": "ccc54b70-1f7d-11e6-abef-000c29c66e3d"
      },
      {
        "date": "2011-11-25T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2011-5067"
      },
      {
        "date": "2011-11-24T00:00:00",
        "db": "BID",
        "id": "50803"
      },
      {
        "date": "2011-12-06T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2011-003195"
      },
      {
        "date": "2013-11-25T23:55:55",
        "db": "PACKETSTORM",
        "id": "124173"
      },
      {
        "date": "2011-12-02T18:55:02.967000",
        "db": "NVD",
        "id": "CVE-2011-4674"
      },
      {
        "date": "1900-01-01T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201111-443"
      },
      {
        "date": "2011-12-05T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201112-017"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2011-11-25T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2011-5067"
      },
      {
        "date": "2015-04-13T21:58:00",
        "db": "BID",
        "id": "50803"
      },
      {
        "date": "2011-12-06T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2011-003195"
      },
      {
        "date": "2017-08-29T01:30:32.257000",
        "db": "NVD",
        "id": "CVE-2011-4674"
      },
      {
        "date": "2011-11-28T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201111-443"
      },
      {
        "date": "2011-12-05T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201112-017"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201111-443"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201112-017"
      }
    ],
    "trust": 1.2
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "ZABBIX \u0027only_hostid\u0027 parameter SQL injection vulnerability",
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2011-5067"
      },
      {
        "db": "BID",
        "id": "50803"
      }
    ],
    "trust": 0.9
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "SQL injection",
    "sources": [
      {
        "db": "IVD",
        "id": "ccc54b70-1f7d-11e6-abef-000c29c66e3d"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201111-443"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201112-017"
      }
    ],
    "trust": 1.4
  }
}

ghsa-9947-j3mv-mffj

Vulnerability from github

Published

2022-05-17 01:52

Modified

2022-05-17 01:52

Details

SQL injection vulnerability in popup.php in Zabbix 1.8.3 and 1.8.4, and possibly other versions before 1.8.9, allows remote attackers to execute arbitrary SQL commands via the only_hostid parameter.

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2011-4674"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-89"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2011-12-02T18:55:00Z",
    "severity": "HIGH"
  },
  "details": "SQL injection vulnerability in popup.php in Zabbix 1.8.3 and 1.8.4, and possibly other versions before 1.8.9, allows remote attackers to execute arbitrary SQL commands via the only_hostid parameter.",
  "id": "GHSA-9947-j3mv-mffj",
  "modified": "2022-05-17T01:52:02Z",
  "published": "2022-05-17T01:52:02Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2011-4674"
    },
    {
      "type": "WEB",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/71479"
    },
    {
      "type": "WEB",
      "url": "https://support.zabbix.com/browse/ZBX-4385"
    },
    {
      "type": "WEB",
      "url": "http://www.exploit-db.com/exploits/18155"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/50803"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

Action not permitted

cve-2011-4674

Vulnerability from cvelistv5

gsd-2011-4674

Vulnerability from gsd

var-201112-0335

Vulnerability from variot

Synopsis

Background

Affected packages

Description

Impact

Workaround

Resolution

References

Availability

Concerns?

License

ghsa-9947-j3mv-mffj

Vulnerability from github

Tags