CVE-2013-3628

HIGH

Zabbix 2.0.9 - Remote Command Execution

Title source: llm

Exploitation Summary

EIP tracks 2 public exploits for CVE-2013-3628. PoCs published by Metasploit, including Metasploit module exploits/multi/http/zabbix_script_exec.

AI-analyzed exploit summary This Metasploit module exploits an authenticated remote command execution vulnerability in Zabbix by creating a malicious script and executing it on the Zabbix host via a crafted host entry with IP 127.0.0.1.

Description

Zabbix 2.0.9 has an Arbitrary Command Execution Vulnerability

Exploits (2)

exploitdb WORKING POC VERIFIED

by Metasploit · rubyremotelinux

https://www.exploit-db.com/exploits/29321

View Code ZIP pw:eip

This Metasploit module exploits an authenticated remote command execution vulnerability in Zabbix by creating a malicious script and executing it on the Zabbix host via a crafted host entry with IP 127.0.0.1.

Classification

Working Poc 100%

Attack Type

Rce

Complexity

Moderate

Reliability

Reliable

Target: Zabbix v2.0.0 to v2.0.8

Auth required

Prerequisites: Valid Zabbix administrator credentials · Network access to the Zabbix web interface

MITRE ATT&CK

T1059 - Command and Scripting Interpreter T1190 - Exploit Public-Facing Application

devstral-2 · analyzed Feb 16, 2026 Full analysis →

metasploit WORKING POC EXCELLENT

rubypoclinux

https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/multi/http/zabbix_script_exec.rb

View Code ZIP pw:eip

This Metasploit module exploits an authenticated remote command execution vulnerability in Zabbix by creating and executing malicious scripts or items on the target host. It supports multiple techniques (script/item) and payload types (Unix command, Linux dropper).

Classification

Working Poc 100%

Attack Type

Rce

Complexity

Moderate

Reliability

Reliable

Target: Zabbix (versions 2.0.5, 2.0.9, 3.0.1, 4.0.18, 5.0.17, 6.0.0)

Auth required

Prerequisites: Valid Zabbix credentials · Access to Zabbix API · For item technique: Zabbix >= 3.0 with AllowKey=system.run[*] enabled

MITRE ATT&CK

T1203 - Exploitation for Client Execution T1059 - Command and Scripting Interpreter

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (4)

Core 4

Core References

Exploit, Third Party Advisory x_refsource_misc

https://community.rapid7.com/community/metasploit/blog/2013/10/30/seven-tricks-and-treats

Third Party Advisory x_refsource_misc

https://community.rapid7.com/community/metasploit/blog/2013/10/30/seven-foss-disclosures-part-one

Third Party Advisory, VDB Entry x_refsource_misc

http://www.securityfocus.com/bid/63453

Third Party Advisory, VDB Entry x_refsource_misc

http://www.exploit-db.com/exploits/29321

Scores

CVSS v3 8.8

EPSS 0.6746

EPSS Percentile 99.2%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Details

CWE

CWE-74

Status published

Products (1)

zabbix/zabbix 2.0.9

Published Feb 07, 2020

Tracked Since Feb 18, 2026