CVE-2009-4498

Zabbix Server <1.8 - Command Injection

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 3 public exploits for CVE-2009-4498. PoCs published by Metasploit, including Metasploit module exploits/linux/misc/zabbix_server_exec.

AI-analyzed exploit summary This Metasploit module exploits CVE-2009-4498, an arbitrary command execution vulnerability in Zabbix Server versions prior to 1.6.9. It abuses the 'Command' trap to execute commands without authentication, leveraging a node ID discovery mechanism if the default ID fails.

Description

The node_process_command function in Zabbix Server before 1.8 allows remote attackers to execute arbitrary commands via a crafted request.

Exploits (3)

exploitdb WORKING POC VERIFIED
by Metasploit · rubyremotelinux
https://www.exploit-db.com/exploits/20796

This Metasploit module exploits CVE-2009-4498, an arbitrary command execution vulnerability in Zabbix Server versions prior to 1.6.9. It abuses the 'Command' trap to execute commands without authentication, leveraging a node ID discovery mechanism if the default ID fails.

Classification
Working Poc 100%
Attack Type
Rce
Complexity
Trivial
Reliability
Reliable
Target: Zabbix Server < 1.6.9
No auth needed
Prerequisites: Network access to Zabbix Server on port 10051
devstral-2 · analyzed Feb 16, 2026 Full analysis →
exploitdb WRITEUP
webappsmultiple
https://www.exploit-db.com/exploits/10432

This is a technical writeup detailing multiple vulnerabilities in Zabbix Server, including remote command execution, SQL injection, and denial-of-service (NULL dereference) flaws. It references faulty source code functions, changelog entries, and patched versions without providing functional exploit code.

Classification
Writeup 95%
Attack Type
Rce | Sqli | Dos
Complexity
Moderate
Reliability
Theoretical
Target: Zabbix Server (versions 1.6.6, 1.6.7, 1.6.8, 1.8)
No auth needed
Prerequisites: Network access to Zabbix Server · Knowledge of vulnerable functions
devstral-2 · analyzed Feb 19, 2026 Full analysis →
metasploit WORKING POC EXCELLENT
rubypoc
https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/linux/misc/zabbix_server_exec.rb

This Metasploit module exploits an arbitrary command execution vulnerability in Zabbix Server versions prior to 1.6.9 by abusing the 'Command' trap without authentication. It includes logic to discover the Node ID if the default (0) fails.

Classification
Working Poc 100%
Attack Type
Rce
Complexity
Trivial
Reliability
Reliable
Target: Zabbix Server < 1.6.9
No auth needed
Prerequisites: Network access to Zabbix Server (default port 10051)
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (5)

Core 5
Core References
Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq
http://www.securityfocus.com/archive/1/508436/30/60/threaded
Various Sources x_refsource_confirm
https://support.zabbix.com/browse/ZBX-1030
Mailing List mailing-list x_refsource_mlist
http://www.openwall.com/lists/oss-security/2010/04/02/1
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/37740
Vendor Advisory vdb-entry x_refsource_vupen
http://www.vupen.com/english/advisories/2009/3514

Scores

EPSS 0.7178
EPSS Percentile 98.8%

Details

CWE
CWE-78
Status published
Products (14)
zabbix/zabbix 1.1.2
zabbix/zabbix 1.1.3
zabbix/zabbix 1.1.4
zabbix/zabbix 1.1.5
zabbix/zabbix 1.4.2
zabbix/zabbix 1.4.3
zabbix/zabbix 1.6.6
zabbix/zabbix 1.6.7
zabbix/zabbix 1.6.8
zabbix/zabbix 1.7
... and 4 more
Published Dec 31, 2009
Tracked Since Feb 18, 2026