Description
SQL injection vulnerability in popup.php in Zabbix 1.8.3 and 1.8.4, and possibly other versions before 1.8.9, allows remote attackers to execute arbitrary SQL commands via the only_hostid parameter.
Exploits (1)
exploitdb
WRITEUP
VERIFIED
by Marcio Almeida · textwebappsphp
https://www.exploit-db.com/exploits/18155
References (4)
Core 4
Core References
Exploit exploit
x_refsource_exploit-db
http://www.exploit-db.com/exploits/18155
Exploit x_refsource_confirm
https://support.zabbix.com/browse/ZBX-4385
Third Party Advisory, VDB Entry vdb-entry
x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/71479
Exploit vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/50803
Scores
EPSS
0.0036
EPSS Percentile
58.1%
Details
CWE
CWE-89
Status
published
Products (2)
zabbix/zabbix
1.8.3
zabbix/zabbix
1.8.4
Published
Dec 02, 2011
Tracked Since
Feb 18, 2026