CVE-2010-1277
EPSS 1.5%
Description
SQL injection vulnerability in the user.authenticate method in the API in Zabbix 1.8 before 1.8.2 allows remote attackers to execute arbitrary SQL commands via the user parameter in JSON data to api_jsonrpc.php.
How to fix CVE-2010-1277
To remediate CVE-2010-1277, upgrade the affected package to a fixed version below.
- Debian/zabbix—upgrade to 1:1.8.2-1 or later
Is CVE-2010-1277 being exploited?
Low — EPSS is 1.5%, meaning exploitation activity has not been observed at scale.
Affected packages (1)
- from 0, < 1:1.8.2-1