CVE-2013-6824

Zabbix < 1.8.19rc1, 2.0 < 2.0.10rc1, 2.2 < 2.2.1rc1 - Remote Code Execution via Newline in Flexible User Parameter

Description

Zabbix before 1.8.19rc1, 2.0 before 2.0.10rc1, and 2.2 before 2.2.1rc1 allows remote Zabbix servers and proxies to execute arbitrary commands via a newline in a flexible user parameter.

References (5)

Core References
Exploit, Patch x_refsource_confirm
https://support.zabbix.com/browse/ZBX-7479
Patch, Vendor Advisory x_refsource_confirm
http://www.zabbix.com/rn1.8.19rc1.php
Third Party Advisory vendor-advisory x_refsource_gentoo
http://security.gentoo.org/glsa/glsa-201401-26.xml
Patch, Vendor Advisory x_refsource_confirm
http://www.zabbix.com/rn2.0.10rc1.php
Patch, Vendor Advisory x_refsource_confirm
http://www.zabbix.com/rn2.2.1rc1.php

Scores

EPSS 0.0275
EPSS Percentile 84.4%

Details

CWE CWE-94
Status published
Products (3)
zabbix/zabbix 2.0.0
zabbix/zabbix 2.2.0
zabbix/zabbix < 1.8.18
Published Dec 19, 2013
Tracked Since Feb 18, 2026