CVE-2013-6824 — Code Injection in Zabbix

CWE-94 — Code Injection8 documents5 sources

Severity

7.5HIGHNVD

EPSS

1.5%

top 19.03%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Zabbix Debian Zabbix

Timeline

PublishedDec 19

Latest updateMay 17

Description

Zabbix before 1.8.19rc1, 2.0 before 2.0.10rc1, and 2.2 before 2.2.1rc1 allows remote Zabbix servers and proxies to execute arbitrary commands via a newline in a flexible user parameter.

CVSS vector

AV:N/AC:L/C:P/I:P/A:PExploitability: 10.0 | Impact: 6.4

Affected Packages3 packages

▶debiandebian/zabbix< zabbix 1:2.2.0+dfsg-6 (bookworm)

▶Debianzabbix/zabbix< 1:2.2.0+dfsg-6+3

▶NVDzabbix/zabbix1.8.18+2

Patches

Patch: www.zabbix.com ↗Patch: www.zabbix.com ↗Patch: www.zabbix.com ↗

🔴Vulnerability Details

GHSA

GHSA-fvmr-q9wm-2vfr: Zabbix before 1↗2022-05-17

▶

OSV

CVE-2013-6824: Zabbix before 1↗2013-12-19

▶

📋Vendor Advisories

Debian

CVE-2013-6824: zabbix - Zabbix before 1.8.19rc1, 2.0 before 2.0.10rc1, and 2.2 before 2.2.1rc1 allows re...↗2013

▶

💬Community

Bugzilla

CVE-2013-6824 zabbix: remote command execution from zabbix server↗2013-12-04

▶

Bugzilla

CVE-2013-6824 zabbix20: zabbix: remote command execution from zabbix server [epel-all]↗2013-12-04

▶

Bugzilla

CVE-2013-6824 zabbix: remote command execution from zabbix server [fedora-all]↗2013-12-04

▶

Bugzilla

CVE-2013-6824 zabbix: remote command execution from zabbix server [epel-all]↗2013-12-04

▶