CVE-2012-3435
Published 2012-08-15
Priority P350 · high · 7.5 (CVSS 2.0)
AV:N/AC:L/Au:N/C:P/I:P/A:P
EXPLOIT
EPSS: 3.58% (88.0th percentile)
SQL injection vulnerability in frontends/php/popup_bitem.php in Zabbix 1.8.15rc1 and earlier, and 2.x before 2.0.2rc1, allows remote attackers to execute arbitrary SQL commands via the itemid parameter.
Affected
54 ranges· showing 25
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | zabbix | < zabbix 1:2.0.2+dfsg-1 (bookworm) | zabbix 1:2.0.2+dfsg-1 (bookworm) |
| zabbix | zabbix | <= 1.8.15 | — |
| zabbix | zabbix | — | — |
CVSS provenance
nvd · v2.0 · 7.5 · HIGH · AV:N/AC:L/Au:N/C:P/I:P/A:P
osv · 7.5 · HIGH
vendor_debian · 7.5 · HIGH
Debian
CVE-2012-3435: zabbix - SQL injection vulnerability in frontends/php/popup_bitem.php in Zabbix 1.8.15rc1...
vendor_debian·2012·CVSS 7.5
Scope: local
bookworm: resolved (fixed in 1:2.0.2+dfsg-1)
bullseye: resolved (fixed in 1:2.0.2+dfsg-1)
forky: resolved (fixed in 1:2.0.2+dfsg-1)
sid: resolved (fixed in 1:2.0.2+dfsg-1)
trixie: resolved (fixed in 1:2.0.2+dfsg-1)
GHSA
GHSA-w8xh-986v-xwgh: SQL injection vulnerability in frontends/php/popup_bitem
ghsa_unreviewed·2022-05-17
CVE-2012-3435 [HIGH] CWE-89 GHSA-w8xh-986v-xwgh: SQL injection vulnerability in frontends/php/popup_bitem
OSV
CVE-2012-3435: SQL injection vulnerability in frontends/php/popup_bitem
osv·2012-08-15·CVSS 7.5
No detection rules found.
http://git.zabbixzone.com/zabbix2.0/.git/commitdiff/333a3a5542ba8a2c901c24b7bf5440f41f1f4f54
http://osvdb.org/84127
http://secunia.com/advisories/49809
http://secunia.com/advisories/50475
http://www.debian.org/security/2012/dsa-2539
http://www.exploit-db.com/exploits/20087
http://www.openwall.com/lists/oss-security/2012/07/27/6
http://www.openwall.com/lists/oss-security/2012/07/28/3
http://www.securityfocus.com/bid/54661
https://exchange.xforce.ibmcloud.com/vulnerabilities/77195
https://support.zabbix.com/browse/ZBX-5348
Published: 2012-08-15