CVE-2013-5743
published 2019-12-11CVE-2013-5743: Multiple SQL injection vulnerabilities in Zabbix 1.8.x before 1.8.18rc1, 2.0.x before 2.0.9rc1, and 2.1.x before 2.1.7.
PriorityP277critical9.8CVSS 3.1
AVNACLPRNUINSUCHIHAH
EXPLOIT
EPSS
79.99%
99.6th percentile
Multiple SQL injection vulnerabilities in Zabbix 1.8.x before 1.8.18rc1, 2.0.x before 2.0.9rc1, and 2.1.x before 2.1.7.
Affected
8 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | zabbix | < zabbix 1:2.0.8+dfsg-2 (bookworm) | zabbix 1:2.0.8+dfsg-2 (bookworm) |
| zabbix | zabbix | >= 0 < 1:2.0.8+dfsg-2 | 1:2.0.8+dfsg-2 |
| zabbix | zabbix | >= 0 < 1:2.0.8+dfsg-2 | 1:2.0.8+dfsg-2 |
| zabbix | zabbix | >= 0 < 1:2.0.8+dfsg-2 | 1:2.0.8+dfsg-2 |
| zabbix | zabbix | >= 0 < 1:2.0.8+dfsg-2 | 1:2.0.8+dfsg-2 |
| zabbix | zabbix | 1.8 – 1.8.17 | — |
| zabbix | zabbix | 2.0.0 – 2.0.8 | — |
| zabbix | zabbix | 2.1.0 – 2.1.7 | — |
Detection & IOCsextracted from sources · hover to see the quote
- →Monitor GET requests to httpmon.php with an 'applications' parameter containing SQL injection payloads — this is the unauthenticated SQLi entry point used to extract a valid session ID. ↗
- →Alert on POST requests to scripts.php that create a new script (form=Create+script) with type=0 and execute_on=1, which is the mechanism used to stage the remote code execution payload. ↗
- →The exploit targets an unauthenticated SQL injection via the 'applications' GET parameter on httpmon.php to retrieve an active session ID, then escalates to RCE if the session belongs to an administrator. ↗
- ·The exploit's default TARGETURI is '/zabbix'; installations with a non-default base path will use a different URI prefix, so detection rules should account for variable base paths when matching httpmon.php, scripts.php, and scripts_exec.php. ↗
- ·Affected versions span three release branches; ensure coverage includes Zabbix 1.8.x before 1.8.18rc1, 2.0.x before 2.0.9rc1, and 2.1.x before 2.1.7. ↗
CVSS provenance
nvdv3.19.8CRITICALCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
nvdv2.07.5HIGHAV:N/AC:L/Au:N/C:P/I:P/A:P
osv9.8CRITICAL
vendor_debian9.8CRITICAL
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
Debian
CVE-2013-5743: zabbix - Multiple SQL injection vulnerabilities in Zabbix 1.8.x before 1.8.18rc1, 2.0.x b...
vendor_debian·2013·CVSS 9.8
CVE-2013-5743 [CRITICAL] CVE-2013-5743: zabbix - Multiple SQL injection vulnerabilities in Zabbix 1.8.x before 1.8.18rc1, 2.0.x b...
Multiple SQL injection vulnerabilities in Zabbix 1.8.x before 1.8.18rc1, 2.0.x before 2.0.9rc1, and 2.1.x before 2.1.7.
Scope: local
bookworm: resolved (fixed in 1:2.0.8+dfsg-2)
bullseye: resolved (fixed in 1:2.0.8+dfsg-2)
forky: resolved (fixed in 1:2.0.8+dfsg-2)
sid: resolved (fixed in 1:2.0.8+dfsg-2)
trixie: resolved (fixed in 1:2.0.8+dfsg-2)
GHSA
GHSA-2j4h-qfp4-82q7: Multiple SQL injection vulnerabilities in Zabbix 1
ghsa_unreviewed·2022-05-05
CVE-2013-5743 [HIGH] GHSA-2j4h-qfp4-82q7: Multiple SQL injection vulnerabilities in Zabbix 1
Multiple SQL injection vulnerabilities in Zabbix 1.8.x before 1.8.18rc1, 2.0.x before 2.0.9rc1, and 2.1.x before 2.1.7.
OSV
CVE-2013-5743: Multiple SQL injection vulnerabilities in Zabbix 1
osv·2019-12-11·CVSS 9.8
CVE-2013-5743 [CRITICAL] CVE-2013-5743: Multiple SQL injection vulnerabilities in Zabbix 1
Multiple SQL injection vulnerabilities in Zabbix 1.8.x before 1.8.18rc1, 2.0.x before 2.0.9rc1, and 2.1.x before 2.1.7.
No detection rules found.
Exploit-DB
Zabbix 2.0.8 - SQL Injection / Remote Code Execution (Metasploit)
exploitdb·2013-10-15
CVE-2013-5743 Zabbix 2.0.8 - SQL Injection / Remote Code Execution (Metasploit)
Zabbix 2.0.8 - SQL Injection / Remote Code Execution (Metasploit)
---
##
# This file is part of the Metasploit Framework and may be subject to
# redistribution and commercial restrictions. Please see the Metasploit
# Framework web site for more information on licensing and terms of use.
# http://metasploit.com/framework/
##
require 'msf/core'
class Metasploit3 "Zabbix 2.0.8 SQL Injection and Remote Code Execution",
'Description' => %q{
This module exploits an unauthenticated SQL injection vulnerability affecting Zabbix
versions 2.0.8 and lower. The SQL injection issue can be abused in order to retrieve an
active session ID. If an administrator level user is identified, remote code execution
can be gained by uploading and executing remote scripts via the 'scripts_exec.php' file.
},
'Lic
Metasploit
Zabbix 2.0.8 SQL Injection and Remote Code Execution
metasploit
Zabbix 2.0.8 SQL Injection and Remote Code Execution
Zabbix 2.0.8 SQL Injection and Remote Code Execution
This module exploits an unauthenticated SQL injection vulnerability affecting Zabbix versions 2.0.8 and lower. The SQL injection issue can be abused in order to retrieve an active session ID. If an administrator level user is identified, remote code execution can be gained by uploading and executing remote scripts via the 'scripts_exec.php' file.
https://admin.fedoraproject.org/updates/zabbix-1.8.18-1.el6https://admin.fedoraproject.org/updates/zabbix20-2.0.8-3.el6https://admin.fedoraproject.org/updates/zabbix20-2.0.9-1.el5https://support.zabbix.com/browse/ZBX-7091https://admin.fedoraproject.org/updates/zabbix-1.8.18-1.el6https://admin.fedoraproject.org/updates/zabbix20-2.0.8-3.el6https://admin.fedoraproject.org/updates/zabbix20-2.0.9-1.el5https://support.zabbix.com/browse/ZBX-7091
2019-12-11
Published