Public exploit available

Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2016-4338 — SQL Injection in Zabbix

CWE-89 — SQL Injection8 documents7 sources

Severity

8.1HIGHNVD

OSV9.8

EPSS

45.0%

top 2.40%

CISA KEV

Not in KEV

Exploit

PoC available

Public exploit / PoC exists

Affected products

Zabbix Debian Zabbix

Timeline

PublishedJan 23

Latest updateJun 15

Description

The mysql user parameter configuration script (userparameter_mysql.conf) in the agent in Zabbix before 2.0.18, 2.2.x before 2.2.13, and 3.0.x before 3.0.3, when used with a shell other than bash, allows context-dependent attackers to execute arbitrary code or SQL commands via the mysql.size parameter.

CVSS vector

CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 2.2 | Impact: 5.9

Affected Packages4 packages

▶debiandebian/zabbix< zabbix 1:3.0.3+dfsg-1 (bookworm)

▶Debianzabbix/zabbix< 1:3.0.3+dfsg-1+3

▶Ubuntuzabbix/zabbix< 1:2.2.2+dfsg-1ubuntu1+esm4+3

▶NVDzabbix/zabbix33 versions+32

Patches

Patch: support.zabbix.com ↗Patch: support.zabbix.com ↗

🔴Vulnerability Details

OSV

zabbix vulnerabilities↗2022-06-15

▶

GHSA

GHSA-399r-wgcm-v67f: The mysql user parameter configuration script (userparameter_mysql↗2022-05-14

▶

OSV

CVE-2016-4338: The mysql user parameter configuration script (userparameter_mysql↗2017-01-23

▶

💥Exploits & PoCs

Exploit-DB

Zabbix Agent 3.0.1 - 'mysql.size' Shell Command Injection↗2016-05-04

▶

📋Vendor Advisories

Ubuntu

Zabbix vulnerabilities↗2022-06-15

▶

Debian

CVE-2016-4338: zabbix - The mysql user parameter configuration script (userparameter_mysql.conf) in the ...↗2016

▶

💬Community

Bugzilla

CVE-2016-4338 zabbix: mysql.size shell command injection↗2016-12-15

▶