It was found that Zabbix 2.2.x, 3.0.x and trunk suffers from a remote SQL injection vulnerability due to a failure to sanitize input in the toggle_ids array in the latest.php page. By exploiting this SQL injection vulnerability, an authenticated attacker (or guest user) is able to gain full access to the database. This would allow an attacker to escalate their privileges to a power user, compromise the database, or execute commands on the underlying database operating system. Although the attacker needs to be authenticated in general, the system could also be at risk if the adversary has no user account. Zabbix offers a guest mode which provides a low privileged default account for users without password. If this guest mode is enabled, the SQL injection vulnerability can be exploited unauthenticated. Upstream bug: https://support.zabbix.com/browse/ZBX-11023 External Reference: http://seclists.org/fulldisclosure/2016/Aug/60
Created zabbix22 tracking bugs for this issue: Affects: epel-all [bug 1367113]
Created zabbix tracking bugs for this issue: Affects: fedora-all [bug 1367112]
With all tracking issues closed, we can close this one too.