Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2011-4674SQL Injection in Zabbix

CWE-89SQL Injection8 documents6 sources
Severity
7.5HIGHNVD
EPSS
0.4%
top 41.92%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
2
ZabbixDebian Zabbix
Timeline
PublishedDec 2
Latest updateMay 17

Description

SQL injection vulnerability in popup.php in Zabbix 1.8.3 and 1.8.4, and possibly other versions before 1.8.9, allows remote attackers to execute arbitrary SQL commands via the only_hostid parameter.

CVSS vector

AV:N/AC:L/C:P/I:P/A:PExploitability: 10.0 | Impact: 6.4

Affected Packages3 packages

debiandebian/zabbix< zabbix 1:1.8.9-1 (bookworm)
Debianzabbix/zabbix< 1:1.8.9-1+3
NVDzabbix/zabbix1.8.3, 1.8.4+1

🔴Vulnerability Details

2
GHSA
GHSA-9947-j3mv-mffj: SQL injection vulnerability in popup2022-05-17
OSV
CVE-2011-4674: SQL injection vulnerability in popup2011-12-02

💥Exploits & PoCs

1
Exploit-DB
Zabbix 1.8.4 - 'popup.php' SQL Injection2011-11-24

📋Vendor Advisories

1
Debian
CVE-2011-4674: zabbix - SQL injection vulnerability in popup.php in Zabbix 1.8.3 and 1.8.4, and possibly...2011

💬Community

3
Bugzilla
CVE-2011-4674 zabbix: SQL injection vulnerability fixed in 1.8.9 [fedora-all]2011-12-02
Bugzilla
CVE-2011-4674 zabbix: SQL injection vulnerability fixed in 1.8.9 [epel-6]2011-12-02
Bugzilla
CVE-2011-4674 zabbix: SQL injection vulnerability fixed in 1.8.92011-12-02