CVE-2013-6824
Zabbix < 1.8.19rc1, 2.0 < 2.0.10rc1, 2.2 < 2.2.1rc1 - Remote Code Execution via Newline in Flexible User Parameter
Zabbix before 1.8.19rc1, 2.0 before 2.0.10rc1, and 2.2 before 2.2.1rc1 allows remote Zabbix servers and proxies to execute arbitrary commands via a newline in a flexible user parameter.
References (5)
Core References
Exploit, Patch x_refsource_confirm
https://support.zabbix.com/browse/ZBX-7479
Patch, Vendor Advisory x_refsource_confirm
http://www.zabbix.com/rn1.8.19rc1.php
Third Party Advisory vendor-advisory x_refsource_gentoo
http://security.gentoo.org/glsa/glsa-201401-26.xml
Patch, Vendor Advisory x_refsource_confirm
http://www.zabbix.com/rn2.0.10rc1.php
Patch, Vendor Advisory x_refsource_confirm
http://www.zabbix.com/rn2.2.1rc1.php
Scores
EPSS
0.0275
EPSS Percentile
84.4%
Details
CWE
CWE-94
Status
published
Products (3)
zabbix/zabbix
2.0.0
zabbix/zabbix
2.2.0
zabbix/zabbix
< 1.8.18
Published
Dec 19, 2013
Tracked Since
Feb 18, 2026