Public exploit available

Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2013-5743 — SQL Injection in Zabbix

CWE-89 — SQL Injection7 documents7 sources

Severity

9.8CRITICALNVD

EPSS

77.8%

top 1.00%

CISA KEV

Not in KEV

Exploit

PoC available

Public exploit / PoC exists

Affected products

Zabbix Debian Zabbix

Timeline

PublishedDec 11

Latest updateMay 5

Description

Multiple SQL injection vulnerabilities in Zabbix 1.8.x before 1.8.18rc1, 2.0.x before 2.0.9rc1, and 2.1.x before 2.1.7.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9

Affected Packages3 packages

▶debiandebian/zabbix< zabbix 1:2.0.8+dfsg-2 (bookworm)

▶Debianzabbix/zabbix< 1:2.0.8+dfsg-2+3

▶NVDzabbix/zabbix1.8 — 1.8.17+2

Patches

Patch: support.zabbix.com ↗Patch: support.zabbix.com ↗

🔴Vulnerability Details

GHSA

GHSA-2j4h-qfp4-82q7: Multiple SQL injection vulnerabilities in Zabbix 1↗2022-05-05

▶

OSV

CVE-2013-5743: Multiple SQL injection vulnerabilities in Zabbix 1↗2019-12-11

▶

💥Exploits & PoCs

Exploit-DB

Zabbix 2.0.8 - SQL Injection / Remote Code Execution (Metasploit)↗2013-10-15

▶

Metasploit

Zabbix 2.0.8 SQL Injection and Remote Code Execution↗

▶

📋Vendor Advisories

Debian

CVE-2013-5743: zabbix - Multiple SQL injection vulnerabilities in Zabbix 1.8.x before 1.8.18rc1, 2.0.x b...↗2013

▶

💬Community

Bugzilla

CVE-2013-5743 zabbix: SQL injection flaws↗2013-10-08

▶