CVE-2011-3264

Zabbix < 1.8.6 - Unauthenticated Sensitive Information Exposure via Invalid srcfld2 Parameter

Title source: llm
STIX 2.1

Description

Zabbix before 1.8.6 allows remote attackers to obtain sensitive information via an invalid srcfld2 parameter to popup.php, which reveals the installation path in an error message.

References (3)

Core 3
Core References
Various Sources x_refsource_confirm
https://support.zabbix.com/browse/ZBX-3840
Patch x_refsource_confirm
http://www.zabbix.com/rn1.8.6.php
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/69377

Scores

EPSS 0.0126
EPSS Percentile 66.2%

Details

CWE
CWE-200
Status published
Products (39)
zabbix/zabbix 1.1 (12 CPE variants)
zabbix/zabbix 1.1.1
zabbix/zabbix 1.1.2
zabbix/zabbix 1.1.3
zabbix/zabbix 1.1.4
zabbix/zabbix 1.1.5
zabbix/zabbix 1.1.6
zabbix/zabbix 1.1.7
zabbix/zabbix 1.3 beta
zabbix/zabbix 1.3.1 beta
... and 29 more
Published Aug 19, 2011
Tracked Since Feb 18, 2026