
Zabbix vulnerabilities

127 known vulnerabilities affecting zabbix/zabbix.

Total CVEs: 127
CISA KEV: 2 (actively exploited)
Public exploits: 20
Exploited in wild: 3
Severity breakdown: CRITICAL 18, HIGH 44, MEDIUM 52, LOW 13

Vulnerabilities

Page 1 of 7
Entry format: CVE ID | priority | severity | CVSS score | flags (CISA KEV, Exploited in wild, PoC available) | affected versions | published date.

CVE-2022-23131 | P1 | CRITICAL | CVSS 9.8 | CISA KEV | PoC | Affected: ≥ 5.4.0, ≤ 5.4.8; v6.0.0 | 2022-01-13
CWE-290. In instances where SAML SSO authentication is enabled (non-default), session data can be modified by a malicious actor, because a user login stored in the session was not verified. A malicious unauthenticated actor may exploit this issue to escalate privileges and gain admin access to the Zabbix Frontend. To perform the attack, SAML auth
Sources: NVD

CVE-2022-23134 | P1 | MEDIUM | CVSS 5.3 | CISA KEV | PoC | Affected: ≥ 5.4.0, ≤ 5.4.8; v6.0.0 | 2022-01-13
CWE-284. After the initial setup process, some steps of the setup.php file are reachable not only by super-administrators but by unauthenticated users as well. A malicious actor can pass the step checks and potentially change the configuration of the Zabbix Frontend.
Sources: NVD, OSV

CVE-2024-22120 | P1 | HIGH | CVSS 8.8 | Exploited in wild | PoC | Affected: ≥ 6.0.0, < 6.0.28; ≥ 6.4.0, < 6.4.13; +4 more | 2024-05-17
CWE-20. Zabbix server can perform command execution for configured scripts. After a command is executed, an audit entry is added to the "Audit Log". Because the "clientip" field is not sanitized, it is possible to inject SQL into "clientip" and exploit a time-based blind SQL injection.
Sources: NVD, OSV

CVE-2024-42327 | P1 | CRITICAL | CVSS 9.9 | PoC | Affected: ≥ 6.0.0, < 6.0.32; ≥ 6.4.0, < 6.4.17; +4 more | 2024-11-27
CWE-89. A non-admin user account on the Zabbix frontend with the default User role, or with any other role that gives API access, can exploit this vulnerability. An SQLi exists in the CUser class in the addRelatedObjects function; this function is called from the CUser.get function, which is available to every user who has API access.
Sources: NVD, OSV

CVE-2016-10134 | P2 | CRITICAL | CVSS 9.8 | PoC | Affected: ≤ 2.2.13; v3.0.0; +3 more | 2017-02-17
CWE-89. SQL injection vulnerability in Zabbix before 2.2.14 and 3.0 before 3.0.4 allows remote attackers to execute arbitrary SQL commands via the toggle_ids array parameter in latest.php.
Sources: NVD, OSV

CVE-2013-5743 | P2 | CRITICAL | CVSS 9.8 | PoC | Affected: ≥ 1.8, ≤ 1.8.17; ≥ 2.0.0, ≤ 2.0.8; +1 more | 2019-12-11
CWE-89. Multiple SQL injection vulnerabilities in Zabbix 1.8.x before 1.8.18rc1, 2.0.x before 2.0.9rc1, and 2.1.x before 2.1.7.
Sources: NVD, OSV

CVE-2013-3628 | P2 | HIGH | CVSS 8.8 | PoC | Affected: v2.0.9 | 2020-02-07
CWE-74. Zabbix 2.0.9 has an arbitrary command execution vulnerability.
Sources: NVD

CVE-2019-17382 | P2 | CRITICAL | CVSS 9.1 | PoC | Affected: ≤ 4.4 | 2019-10-09
CWE-639. An issue was discovered in zabbix.php?action=dashboard.view&dashboardid=1 in Zabbix through 4.4. An attacker can bypass the login page and access the dashboard page, and then create a Dashboard, Report, Screen, or Map without any Username/Password (i.e., anonymously). All created elements (Dashboard/Report/Screen/Map) are accessible by other users
Sources: NVD, OSV

CVE-2016-4338 | P2 | HIGH | CVSS 8.1 | PoC | Affected: v2.0.0; v2.0.1; +31 more | 2017-01-23
CWE-89. The mysql user parameter configuration script (userparameter_mysql.conf) in the agent in Zabbix before 2.0.18, 2.2.x before 2.2.13, and 3.0.x before 3.0.3, when used with a shell other than bash, allows context-dependent attackers to execute arbitrary code or SQL commands via the mysql.size parameter.
Sources: NVD, OSV

CVE-2009-4502 | P2 | CRITICAL | CVSS 9.3 | PoC | Affected: ≤ 1.6.6; v1.1.2; +7 more | 2009-12-31
CWE-264. The NET_TCP_LISTEN function in net.c in Zabbix Agent before 1.6.7, when running on FreeBSD or Solaris, allows remote attackers to bypass the EnableRemoteCommands setting and execute arbitrary commands via shell metacharacters in the argument to net.tcp.listen. NOTE: this attack is limited to attacks from trusted IP addresses.
Sources: NVD, OSV

CVE-2009-4498 | P2 | MEDIUM | CVSS 6.8 | PoC | Affected: ≤ 1.7.4; v1.1.2; +12 more | 2009-12-31
CWE-78. The node_process_command function in Zabbix Server before 1.8 allows remote attackers to execute arbitrary commands via a crafted request.
Sources: NVD, OSV

CVE-2020-15803 | P3 | MEDIUM | CVSS 6.1 | PoC | Affected: ≤ 3.0.31; ≥ 4.0.0, ≤ 4.0.21; +6 more | 2020-07-17
CWE-79. Zabbix before 3.0.32rc1, 4.x before 4.0.22rc1, 4.1.x through 4.4.x before 4.4.10rc1, and 5.x before 5.0.2rc1 allows stored XSS in the URL Widget.
Sources: NVD, OSV

CVE-2024-36465 | P2 | HIGH | CVSS 8.8 | Affected: ≥ 7.0.0, ≤ 7.0.7; ≥ 7.2.0, < 7.2.2; +2 more | 2025-04-02
CWE-89. A low-privilege (regular) Zabbix user with API access can use an SQL injection vulnerability in include/classes/api/CApiService.php to execute arbitrary SQL commands via the groupBy parameter.
Sources: NVD, OSV

CVE-2012-3435 | P3 | HIGH | CVSS 7.5 | PoC | Affected: ≤ 1.8.15; v1.1; +47 more | 2012-08-15
CWE-89. SQL injection vulnerability in frontends/php/popup_bitem.php in Zabbix 1.8.15rc1 and earlier, and 2.x before 2.0.2rc1, allows remote attackers to execute arbitrary SQL commands via the itemid parameter.
Sources: NVD, OSV

CVE-2009-4499 | P3 | HIGH | CVSS 7.5 | PoC | Affected: ≤ 1.6.7; v1.1.2; +8 more | 2009-12-31
CWE-89. SQL injection vulnerability in the get_history_lastid function in the nodewatcher component in Zabbix Server before 1.6.8 allows remote attackers to execute arbitrary SQL commands via a crafted request, possibly related to the send_history_last_id function in zabbix_server/trapper/nodehistory.c.
Sources: NVD, OSV

CVE-2011-4674 | P3 | HIGH | CVSS 7.5 | PoC | Affected: v1.8.3; v1.8.4 | 2011-12-02
CWE-89. SQL injection vulnerability in popup.php in Zabbix 1.8.3 and 1.8.4, and possibly other versions before 1.8.9, allows remote attackers to execute arbitrary SQL commands via the only_hostid parameter.
Sources: NVD, OSV

CVE-2017-2824 | P2 | HIGH | CVSS 8.1 | Affected: v2.4.0; v2.4.1; +8 more | 2017-05-24
CWE-78. An exploitable code execution vulnerability exists in the trapper command functionality of Zabbix Server 2.4.X. A specially crafted set of packets can cause a command injection resulting in remote code execution. An attacker can make requests from an active Zabbix Proxy to trigger this vulnerability.
Sources: NVD, OSV

CVE-2020-11800 | P2 | CRITICAL | CVSS 9.8 | Affected: ≥ 2.2.0, < 3.0.31; v3.2.0 | 2020-10-07
Zabbix Server 2.2.x and 3.0.x before 3.0.31, and 3.2 allows remote attackers to execute arbitrary code.
Sources: NVD, OSV

CVE-2023-32728 | P3 | CRITICAL | CVSS 9.8 | Affected: ≥ 5.0.0, ≤ 5.0.38; ≥ 6.0.0, ≤ 6.0.23; +2 more | 2023-12-18
CWE-20. The Zabbix Agent 2 item key smart.disk.get does not sanitize its parameters before passing them to a shell command, resulting in a possible remote code execution vulnerability.
Sources: NVD, OSV

CVE-2024-22122 | P3 | CRITICAL | CVSS 9.1 | Affected: ≥ 5.0.0, ≤ 5.0.42; ≥ 6.0.0, ≤ 6.0.30; +3 more | 2024-08-12
CWE-77. Zabbix allows SMS notifications to be configured. AT command injection occurs on the Zabbix Server because there is no validation of the "Number" field, neither in the Web frontend nor on the Zabbix server side. An attacker can run an SMS test providing a specially crafted phone number and execute additional AT commands on the modem.
Sources: NVD, OSV