.. / CVE-2016-10134

Exploit for Zabbix - SQL Injection (CVE-2016-10134)

Description:

Zabbix before 2.2.14 and 3.0 before 3.0.4 allows remote attackers to execute arbitrary SQL commands via the toggle_ids array parameter in latest.php and perform SQL injection attacks.

Nuclei Template

View the template here CVE-2016-10134.yaml

Validate with Nuclei

echo "$URL" | nuclei -t ~/nuclei-templates/http/cves/2016/CVE-2016-10134.yaml

References:

http://www.debian.org/security/2017/dsa-3802
https://support.zabbix.com/browse/ZBX-11023
https://nvd.nist.gov/vuln/detail/CVE-2016-10134
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=850936
https://github.com/vulhub/vulhub/tree/master/zabbix/CVE-2016-10134

.. / CVE-2016-10134 if(localStorage["style"]=="true"){ document.getElementById('pagestyle').setAttribute('href','/assets/styleDark.css'); document.querySelector('input[type="checkbox"]').checked = true }

Exploit for Zabbix - SQL Injection (CVE-2016-10134)

Description:

Nuclei Template

Validate with Nuclei

.. / CVE-2016-10134