Zabbix : Security Vulnerabilities, CVEs, Published In 2017
An exploitable code execution vulnerability exists in the trapper command functionality of Zabbix Server 2.4.X. A specially crafted set of packets can cause a command injection resulting in remote code execution. An attacker can make requests from an active Zabbix Proxy to trigger this vulnerability.
Max CVSS
8.1
EPSS Score
71.58%
Published
2017-05-24
Updated
2019-10-03
CVE-2016-10134
Public exploit
SQL injection vulnerability in Zabbix before 2.2.14 and 3.0 before 3.0.4 allows remote attackers to execute arbitrary SQL commands via the toggle_ids array parameter in latest.php.
Max CVSS
9.8
EPSS Score
5.37%
Published
2017-02-17
Updated
2017-11-04
The mysql user parameter configuration script (userparameter_mysql.conf) in the agent in Zabbix before 2.0.18, 2.2.x before 2.2.13, and 3.0.x before 3.0.3, when used with a shell other than bash, allows context-dependent attackers to execute arbitrary code or SQL commands via the mysql.size parameter.
Max CVSS
8.1
EPSS Score
2.12%
Published
2017-01-23
Updated
2018-10-09
3 vulnerabilities found