CVE-2009-4499

Published Dec 31, 2009

Last updated 15 years ago

Overview

Description: SQL injection vulnerability in the get_history_lastid function in the nodewatcher component in Zabbix Server before 1.6.8 allows remote attackers to execute arbitrary SQL commands via a crafted request, possibly related to the send_history_last_id function in zabbix_server/trapper/nodehistory.c.
Source: cve@mitre.org
NVD status: Analyzed

Risk scores

CVSS 2.0

Type: Primary
Base score: 7.5
Impact score: 6.4
Exploitability score: 10
Vector string: AV:N/AC:L/Au:N/C:P/I:P/A:P

Weaknesses

nvd@nist.gov: CWE-89

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:zabbix:zabbix:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "52E13E4C-E1AE-4B50-92C8-EDD8E0374E39",
            "versionEndIncluding": "1.6.7"
          },
          {
            "criteria": "cpe:2.3:a:zabbix:zabbix:1.1.2:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "B0FB47B1-330E-4ED4-A4AF-993DC613B782"
          },
          {
            "criteria": "cpe:2.3:a:zabbix:zabbix:1.1.3:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "FA7AA37E-2E1A-471D-95AE-83A2CABF1DF5"
          },
          {
            "criteria": "cpe:2.3:a:zabbix:zabbix:1.1.4:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "DFABFF16-FD5E-4FCF-BDF8-AE8D654CEAD4"
          },
          {
            "criteria": "cpe:2.3:a:zabbix:zabbix:1.1.5:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "03E211F0-2F61-4503-AE89-0F750C2848B5"
          },
          {
            "criteria": "cpe:2.3:a:zabbix:zabbix:1.4.2:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "55BC3D41-DB27-4509-8908-0A7F0A19206E"
          },
          {
            "criteria": "cpe:2.3:a:zabbix:zabbix:1.4.3:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "96A266AD-7853-40D0-8D1B-6ECFF34A76AA"
          },
          {
            "criteria": "cpe:2.3:a:zabbix:zabbix:1.4.4:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "BB1611DD-8EB1-49FE-8995-C9D853F812F3"
          },
          {
            "criteria": "cpe:2.3:a:zabbix:zabbix:1.4.6:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "8C27222F-3FA6-4F9A-A017-37B77E536CFF"
          },
          {
            "criteria": "cpe:2.3:a:zabbix:zabbix:1.6.6:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "6866F9A2-3986-4F63-8DBA-23E4B59A0C11"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

Overview

Risk scores

CVSS 2.0

Weaknesses

Social media

Configurations

References