CVE-2016-4338

HIGH

Zabbix <2.0.18, <2.2.13, <3.0.3 - Code Injection

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2016-4338. PoCs published by Timo Lindfors.

AI-analyzed exploit summary This exploit demonstrates a shell command injection vulnerability in Zabbix Agent 3.0.1 due to improper handling of shell commands in the mysql.size user parameter. The vulnerability arises when /bin/sh is not bash, allowing execution of arbitrary commands with zabbix user privileges.

Description

The mysql user parameter configuration script (userparameter_mysql.conf) in the agent in Zabbix before 2.0.18, 2.2.x before 2.2.13, and 3.0.x before 3.0.3, when used with a shell other than bash, allows context-dependent attackers to execute arbitrary code or SQL commands via the mysql.size parameter.

Exploits (1)

exploitdb WORKING POC

by Timo Lindfors · textlocallinux

https://www.exploit-db.com/exploits/39769

View Code ZIP pw:eip

This exploit demonstrates a shell command injection vulnerability in Zabbix Agent 3.0.1 due to improper handling of shell commands in the mysql.size user parameter. The vulnerability arises when /bin/sh is not bash, allowing execution of arbitrary commands with zabbix user privileges.

Classification

Working Poc 100%

Attack Type

Rce

Complexity

Moderate

Reliability

Reliable

Target: Zabbix Agent 3.0.1

No auth needed

Prerequisites: Access to Zabbix Agent port 10050 · Zabbix Agent configured to accept connections from attacker's IP

MITRE ATT&CK

T1059 - Command and Scripting Interpreter T1202 - Indirect Command Execution

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (10)

Core 10

Core References

Exploit, Third Party Advisory, VDB Entry x_refsource_misc

http://packetstormsecurity.com/files/136898/Zabbix-Agent-3.0.1-mysql.size-Shell-Command-Injection.html

Exploit, Third Party Advisory, VDB Entry exploit x_refsource_exploit-db

https://www.exploit-db.com/exploits/39769/

Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq

http://www.securityfocus.com/archive/1/538258/100/0/threaded

Exploit, Patch, Vendor Advisory x_refsource_confirm

https://support.zabbix.com/browse/ZBX-10741

Vendor Advisory x_refsource_confirm

https://www.zabbix.com/documentation/2.2/manual/introduction/whatsnew2213#miscellaneous_improvements

Vendor Advisory x_refsource_confirm

https://www.zabbix.com/documentation/3.0/manual/introduction/whatsnew303#miscellaneous_improvements

Exploit, Third Party Advisory, VDB Entry mailing-list x_refsource_fulldisc

http://seclists.org/fulldisclosure/2016/May/9

Vendor Advisory x_refsource_confirm

https://www.zabbix.com/documentation/2.0/manual/introduction/whatsnew2018#miscellaneous_improvements

Third Party Advisory, VDB Entry vdb-entry x_refsource_bid

http://www.securityfocus.com/bid/89631

Third Party Advisory, VDB Entry vendor-advisory x_refsource_gentoo

https://security.gentoo.org/glsa/201612-42

Scores

CVSS v3 8.1

EPSS 0.2114

EPSS Percentile 97.3%

Attack Vector NETWORK

CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CWE

CWE-89

Status published

Products (33)

zabbix/zabbix 2.0.0

zabbix/zabbix 2.0.1

zabbix/zabbix 2.0.2

zabbix/zabbix 2.0.3

zabbix/zabbix 2.0.4

zabbix/zabbix 2.0.5

zabbix/zabbix 2.0.6

zabbix/zabbix 2.0.7

zabbix/zabbix 2.0.8

zabbix/zabbix 2.0.9

... and 23 more

Published Jan 23, 2017

Tracked Since Feb 18, 2026