Zabbix Server send_history_last_id() SQL Injection
High Nessus Plugin ID 43391
The remote monitoring service has a SQL injection vulnerability.
The version of Zabbix server running on the remote host has a SQL injection vulnerability in the 'send_history_last_id()' function of 'nodehistory.c'. A remote attacker could exploit this by sending a specially crafted request, resulting in the execution of arbitrary queries. The vendor released a partial fix in version 1.6.7, but certain types of SQL injections are still possible.