Zabbix is an enterprise open source monitoring software for networks and applications.
jsrpc.php under the Zabbix directory does not strictly filter some of its parameters, including the profileIdx2 parameter.
Attackers can construct a malicious request and use the guest account's permissions in Zabbix to launch SQL injection attacks against the website, and from there steal website data or break into the server.
- Zabbix 2.0.x
- Zabbix 2.2.x
- Zabbix 2.4.x
- Zabbix 3.0.0 - 3.0.3
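
One way to review web server access logs for requests that touch this parameter, as an added example that is not part of the original advisory or of Zabbix itself: it flags jsrpc.php requests whose profileIdx2 value is not a plain integer. It assumes that profileIdx2 normally carries a numeric identifier, that the install lives under /zabbix/, and that logs use the combined format; the sample lines are constructed.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Request line of a combined-format access log entry (format is an assumption).
REQUEST_RE = re.compile(r'^(?P<ip>\S+) .*?"[A-Z]+ (?P<target>\S+) HTTP/[\d.]+"')
INT_RE = re.compile(r"[0-9]+")

# Constructed sample lines, not real traffic.
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Jan/2024:10:00:00 +0000] "GET /zabbix/jsrpc.php?profileIdx2=23 HTTP/1.1" 200 512',
    '198.51.100.7 - - [01/Jan/2024:10:00:05 +0000] "GET /zabbix/jsrpc.php?profileIdx2=1%27 HTTP/1.1" 200 731',
    '203.0.113.5 - - [01/Jan/2024:10:00:09 +0000] "GET /zabbix/jsrpc.php?profileIdx2[]=5 HTTP/1.1" 200 512',
    '192.0.2.10 - - [01/Jan/2024:10:00:12 +0000] "GET /zabbix/index.php?profileIdx2=abc HTTP/1.1" 200 90',
    '192.0.2.10 - - [01/Jan/2024:10:00:15 +0000] "POST /zabbix/jsrpc.php HTTP/1.1" 200 64',
]


def suspicious_requests(lines):
    """Return (client_ip, parameter, decoded_value) for jsrpc.php requests
    whose profileIdx2 is not a plain integer (assumed to be the normal form)."""
    hits = []
    for line in lines:
        m = REQUEST_RE.match(line)
        if not m:
            continue  # not a parsable request line
        url = urlsplit(m.group("target"))
        if not url.path.lower().endswith("/jsrpc.php"):
            continue  # only the script named in the advisory
        for key, values in parse_qs(url.query).items():
            is_array = key.startswith("profileIdx2[")
            if key != "profileIdx2" and not is_array:
                continue
            for value in values:
                # Array syntax or any non-digit character is unexpected here.
                if is_array or not INT_RE.fullmatch(value):
                    hits.append((m.group("ip"), key, value))
    return hits


if __name__ == "__main__":
    for ip, key, value in suspicious_requests(SAMPLE_LOG):
        print(f"{ip}: {key}={value!r}")
```

Access logs record only the query string, so a value sent in a POST body is not visible to this check and needs request-body logging or a WAF rule instead.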