Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
In Zabbix from 4.0.x before 4.0.28rc1, 5.0.0alpha1 before 5.0.10rc1, 5.2.x before 5.2.6rc1, and 5.4.0alpha1 before 5.4.0beta2, the CControllerAuthenticationUpdate controller lacks a CSRF protection mechanism. The code inside this controller calls diableSIDValidation inside the init() method. An attacker doesn't have to know Zabbix user login credentials, but has to know the correct Zabbix URL and contact information of an existing user with sufficient privileges.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Zabbix SIA Zabbix 跨站请求伪造漏洞
Vulnerability Description
Zabbix Sia Zabbix是拉脱维亚Zabbix SIA(Zabbix Sia)公司的一套开源的监控系统。该系统支持网络监控、服务器监控、云监控和应用监控等。 Zabbix 存在跨站请求伪造漏洞,该漏洞源于CControllerAuthenticationUpdate控制器缺乏CSRF保护机制。这个控制器中的代码在init()方法中调用diableSIDValidation。以下产品及版本受到影响:Zabbix before 4.0.28rc1, 5.x before 5.0.8rc1, 5.1.
CVSS Information
N/A
Vulnerability Type
N/A