Candidate: CVE-2011-4674
PublicDate: 2011-12-02 18:55:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-4674
Description:
 SQL injection vulnerability in popup.php in Zabbix 1.8.3 and 1.8.4, and
 possibly other versions before 1.8.9, allows remote attackers to execute
 arbitrary SQL commands via the only_hostid parameter.
Ubuntu-Description:
Notes:
 mdeslaur> May be fixed in 1.8.5, unclear
 mdeslaur> PoC: http://www.exploit-db.com/exploits/18155/
Bugs:
 https://support.zabbix.com/browse/ZBX-4385
Priority: medium
Discovered-by:
Assigned-to:
CVSS: 

Patches_zabbix:
upstream_zabbix: released (1.8.9)
hardy_zabbix: ignored (reached end-of-life)
lucid_zabbix: ignored (reached end-of-life)
maverick_zabbix: ignored (reached end-of-life)
natty_zabbix: ignored (reached end-of-life)
oneiric_zabbix: ignored (reached end-of-life)
precise_zabbix: not-affected (1:1.8.9-1)
quantal_zabbix: not-affected (1:1.8.9-1)
raring_zabbix: not-affected (1:1.8.9-1)
saucy_zabbix: not-affected (1:1.8.9-1)
devel_zabbix: not-affected (1:1.8.9-1)