CVE-2010-0712 Information

Description

Multiple SQL injection vulnerabilities in zport/dmd/Events/getJSONEventsInfo in Zenoss 2.3.3 and other versions before 2.5 allow remote authenticated users to execute arbitrary SQL commands via the (1) severity, (2) state, (3) filter, (4) offset, and (5) count parameters.

Reference

http://dev.zenoss.org/trac/changeset/15257
http://osvdb.org/61804
http://secunia.com/advisories/38195
http://www.ngenuity.org/wordpress/2010/01/14/ngenuity-2010-001-zenoss-getjsoneventsinfo-sql-injection/
http://www.securityfocus.com/bid/37802
http://www.zenoss.com/news/SQL-Injection-and-Cross-Site-Forgery-in-Zenoss-Core-Corrected.html
https://exchange.xforce.ibmcloud.com/vulnerabilities/55670
