CVE-2013-5572

Zabbix 2.0.5 - Info Disclosure

Title source: llm

Description

Zabbix 2.0.5 allows remote authenticated users to discover the LDAP bind password by leveraging management-console access and reading the ldap_bind_password value in the HTML source code.

Exploits (1)

exploitdb WORKING POC

by Pablo González · rubywebappsphp

https://www.exploit-db.com/exploits/36157

View Code ZIP pw:eip

References (3)

[Third Party Advisory] http://archives.neohapsis.com/archives/fulldisclosure/2013-09/0149.html

[Mailing List, Third Party Advisory] http://lists.fedoraproject.org/pipermail/package-announce/2014-May/132376.html

[Mailing List, Third Party Advisory] http://lists.fedoraproject.org/pipermail/package-announce/2014-May/132377.html

Scores

EPSS 0.0782

EPSS Percentile 92.0%

Details

CWE

CWE-264

Status published

Products (1)

zabbix/zabbix 2.0.5

Published Oct 01, 2013

Tracked Since Feb 18, 2026