CVE-2016-10134

CRITICAL NUCLEI

Zabbix <2.2.14, <3.0.4 - SQL Injection

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2016-10134. PoCs published by [email protected], bperry, including Metasploit module auxiliary/gather/zabbix_toggleids_sqli. A Nuclei detection template is also available.

AI-analyzed exploit summary This Metasploit module exploits a SQL injection vulnerability in Zabbix 3.0.3 and earlier to extract usernames and password hashes from the database. It uses time-based blind SQL injection techniques to enumerate database schemas and user credentials.

Description

SQL injection vulnerability in Zabbix before 2.2.14 and 3.0 before 3.0.4 allows remote attackers to execute arbitrary SQL commands via the toggle_ids array parameter in latest.php.

Exploits (1)

metasploit WORKING POC

by [email protected], bperry · rubypoc

https://github.com/rapid7/metasploit-framework/blob/master/modules/auxiliary/gather/zabbix_toggleids_sqli.rb

View Code ZIP pw:eip

This Metasploit module exploits a SQL injection vulnerability in Zabbix 3.0.3 and earlier to extract usernames and password hashes from the database. It uses time-based blind SQL injection techniques to enumerate database schemas and user credentials.

Classification

Working Poc 95%

Attack Type

Sqli

Complexity

Moderate

Reliability

Reliable

Target: Zabbix 3.0.3 and prior

No auth needed

Prerequisites: Network access to the Zabbix web interface · SQL injection vulnerability in the 'toggle_ids' parameter

MITRE ATT&CK

T1189 - Drive-by Compromise T1505 - Server Software Component

devstral-2 · analyzed Feb 16, 2026 Full analysis →

Nuclei Templates (1)

Zabbix - SQL Injection

CRITICALby princechaddha

Shodan: http.favicon.hash:892542951 || http.title:"zabbix-server" || cpe:"cpe:2.3:a:zabbix:zabbix"

FOFA: icon_hash=892542951 || app="zabbix-监控系统" && body="saml" || title="zabbix-server"

References (7)

Core 7

Core References

Various Sources x_refsource_misc

https://code610.blogspot.com/2017/10/zbx-11023-quick-autopsy.html

Mailing List, Third Party Advisory mailing-list x_refsource_mlist

http://www.openwall.com/lists/oss-security/2017/01/12/4

Third Party Advisory vendor-advisory x_refsource_debian

http://www.debian.org/security/2017/dsa-3802

Mailing List, Third Party Advisory mailing-list x_refsource_mlist

http://www.openwall.com/lists/oss-security/2017/01/13/4

Third Party Advisory x_refsource_confirm

https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=850936

Third Party Advisory, VDB Entry vdb-entry x_refsource_bid

http://www.securityfocus.com/bid/95423

Exploit, Patch, Vendor Advisory x_refsource_confirm

https://support.zabbix.com/browse/ZBX-11023

Scores

CVSS v3 9.8

EPSS 0.8328

EPSS Percentile 99.6%

Attack Vector NETWORK

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CWE

CWE-89

Status published

Products (5)

zabbix/zabbix 3.0.0

zabbix/zabbix 3.0.1

zabbix/zabbix 3.0.2

zabbix/zabbix 3.0.3

zabbix/zabbix < 2.2.13

Published Feb 17, 2017

Tracked Since Feb 18, 2026