Unrated severityNVD Advisory· Published Apr 6, 2010· Updated Apr 29, 2026

CVE-2010-1277

Description

SQL injection vulnerability in the user.authenticate method in the API in Zabbix 1.8 before 1.8.2 allows remote attackers to execute arbitrary SQL commands via the user parameter in JSON data to api_jsonrpc.php.

Affected products

Zabbix/Zabbix2 versions
cpe:2.3:a:zabbix:zabbix:1.8:*:*:*:*:*:*:*+ 1 more
- cpe:2.3:a:zabbix:zabbix:1.8:*:*:*:*:*:*:*
- cpe:2.3:a:zabbix:zabbix:1.8.1:*:*:*:*:*:*:*

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

www.zabbix.com/rn1.8.2.phpnvdPatch
archives.neohapsis.com/archives/fulldisclosure/2010-04/0001.htmlnvdExploit
legalhackers.com/advisories/zabbix181api-sql.txtnvdExploit
legalhackers.com/poc/zabbix181api.pl-pocnvdExploit
www.securityfocus.com/bid/39148nvdExploit
secunia.com/advisories/39119nvdVendor Advisory
www.vupen.com/english/advisories/2010/0799nvdVendor Advisory
www.osvdb.org/63456nvd
www.securityfocus.com/archive/1/510480/100/0/threadednvd

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.001
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000