CVE-2009-4499

Zabbix Server <1.6.8 - SQL Injection

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2009-4499.

AI-analyzed exploit summary This is a technical writeup detailing multiple vulnerabilities in Zabbix Server, including remote command execution, SQL injection, and denial-of-service (NULL dereference) flaws. It references faulty source code functions, changelog entries, and patched versions.

Description

SQL injection vulnerability in the get_history_lastid function in the nodewatcher component in Zabbix Server before 1.6.8 allows remote attackers to execute arbitrary SQL commands via a crafted request, possibly related to the send_history_last_id function in zabbix_server/trapper/nodehistory.c.

Exploits (1)

exploitdb WRITEUP
webappsmultiple
https://www.exploit-db.com/exploits/10432

This is a technical writeup detailing multiple vulnerabilities in Zabbix Server, including remote command execution, SQL injection, and denial-of-service (NULL dereference) flaws. It references faulty source code functions, changelog entries, and patched versions.

Classification
Writeup 90%
Attack Type
Rce | Sqli | Dos
Complexity
Moderate
Reliability
Theoretical
Target: Zabbix Server (versions 1.6.6, 1.6.7, 1.6.8, 1.8)
No auth needed
Prerequisites: Network access to Zabbix Server
devstral-2 · analyzed Feb 19, 2026 Full analysis →

References (4)

Core 4
Core References
Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq
http://www.securityfocus.com/archive/1/508436/30/60/threaded
Vendor Advisory x_refsource_confirm
https://support.zabbix.com/browse/ZBX-1031
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/37740
Vendor Advisory vdb-entry x_refsource_vupen
http://www.vupen.com/english/advisories/2009/3514

Scores

EPSS 0.0239
EPSS Percentile 81.8%

Details

CWE
CWE-89
Status published
Products (10)
zabbix/zabbix 1.1.2
zabbix/zabbix 1.1.3
zabbix/zabbix 1.1.4
zabbix/zabbix 1.1.5
zabbix/zabbix 1.4.2
zabbix/zabbix 1.4.3
zabbix/zabbix 1.4.4
zabbix/zabbix 1.4.6
zabbix/zabbix 1.6.6
zabbix/zabbix < 1.6.7
Published Dec 31, 2009
Tracked Since Feb 18, 2026