CVE-2009-4498

This Metasploit module exploits CVE-2009-4498, an arbitrary command execution vulnerability in Zabbix Server versions prior to 1.6.9. It abuses the 'Command' trap to execute commands without authentication, leveraging a node ID discovery mechanism if the default ID fails.

This is a technical writeup detailing multiple vulnerabilities in Zabbix Server, including remote command execution, SQL injection, and denial-of-service (NULL dereference) flaws. It references faulty source code functions, changelog entries, and patched versions without providing functional exploit code.

This Metasploit module exploits an arbitrary command execution vulnerability in Zabbix Server versions prior to 1.6.9 by abusing the 'Command' trap without authentication. It includes logic to discover the Node ID if the default (0) fails.