[Secure-testing-team] Bug#577058: CVE-2010-1277: SQL injection vulnerability

Giuseppe Iuculano iuculano at debian.org
Fri Apr 9 09:19:04 UTC 2010


Package: zabbix
Severity: grave
Tags: security

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1


Hi,
the following CVE (Common Vulnerabilities & Exposures) id was
published for zabbix.

CVE-2010-1277[0]:
| SQL injection vulnerability in the user.authenticate method in the API
| in Zabbix 1.8 before 1.8.2 allows remote attackers to execute
| arbitrary SQL commands via the user parameter in JSON data to
| api_jsonrpc.php.

If you fix the vulnerability please also make sure to include the
CVE id in your changelog entry.

For further information see:

[0] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1277
    http://security-tracker.debian.org/tracker/CVE-2010-1277


-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)

iEYEARECAAYFAku+8QYACgkQNxpp46476aohxgCeOJ/ft09ZEbsVRZQfZGKPOStl
dsIAni/gOpxw+gb/ZGH7pbP8ItreKgGH
=GH0v
-----END PGP SIGNATURE-----




