The Zabbix Agent 2 item key smart.disk.get does not sanitize its parameters before passing them to a shell command resulting possible vulnerability for remote code execution.
Max CVSS
9.8
EPSS Score
0.13%
Published
2023-12-18
Updated
2023-12-22
Zabbix Server 2.2.x and 3.0.x before 3.0.31, and 3.2 allows remote attackers to execute arbitrary code.
Max CVSS
9.8
EPSS Score
2.26%
Published
2020-10-07
Updated
2022-01-01
An exploitable code execution vulnerability exists in the trapper command functionality of Zabbix Server 2.4.X. A specially crafted set of packets can cause a command injection resulting in remote code execution. An attacker can make requests from an active Zabbix Proxy to trigger this vulnerability.
Max CVSS
8.1
EPSS Score
71.58%
Published
2017-05-24
Updated
2019-10-03
The mysql user parameter configuration script (userparameter_mysql.conf) in the agent in Zabbix before 2.0.18, 2.2.x before 2.2.13, and 3.0.x before 3.0.3, when used with a shell other than bash, allows context-dependent attackers to execute arbitrary code or SQL commands via the mysql.size parameter.
Max CVSS
8.1
EPSS Score
2.12%
Published
2017-01-23
Updated
2018-10-09
XML external entity (XXE) vulnerability in Zabbix 1.8.x before 1.8.21rc1, 2.0.x before 2.0.13rc1, 2.2.x before 2.2.5rc1, and 2.3.x before 2.3.2 allows remote attackers to read arbitrary files or potentially execute arbitrary code via a crafted DTD in an XML request.
Max CVSS
9.8
EPSS Score
2.43%
Published
2018-02-01
Updated
2018-02-21
A File Inclusion vulnerability exists in Zabbix 2.0.6 due to inadequate sanitization of request strings in CGI scripts, which could let a remote malicious user execute arbitrary code.
Max CVSS
9.8
EPSS Score
1.24%
Published
2020-02-17
Updated
2020-02-20
6 vulnerabilities found
This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!