CVE-2020-11800

CRITICAL LAB

Zabbix 2.2.x-3.0.30 - Remote Code Execution

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2020-11800. PoCs published by ycseo-git.

AI-analyzed exploit summary This repository contains a functional Python exploit for CVE-2020-11800, a command injection vulnerability in Zabbix Server 3.0.3. The exploit leverages IPv6-style payloads to bypass incomplete patches and achieve remote code execution via auto-registration.

Description

Zabbix Server 2.2.x and 3.0.x before 3.0.31, and 3.2 allows remote attackers to execute arbitrary code.

Exploits (1)

nomisec WORKING POC

by ycseo-git · poc

https://github.com/ycseo-git/CVE-2020-11800

View Code ZIP pw:eip

This repository contains a functional Python exploit for CVE-2020-11800, a command injection vulnerability in Zabbix Server 3.0.3. The exploit leverages IPv6-style payloads to bypass incomplete patches and achieve remote code execution via auto-registration.

Classification

Working Poc 100%

Attack Type

Rce

Complexity

Moderate

Reliability

Reliable

Target: Zabbix Server 3.0.3

No auth needed

Prerequisites: network access to Zabbix Server port 10051 · auto-registration enabled

MITRE ATT&CK

T1190 - Exploit Public-Facing Application T1059 - Command and Scripting Interpreter T1203 - Exploitation for Client Execution

devstral-2 · analyzed May 19, 2026 Full analysis →

References (5)

Core 5

Core References

Vendor Advisory x_refsource_confirm

https://support.zabbix.com/browse/DEV-1538

Permissions Required, Vendor Advisory x_refsource_confirm

https://support.zabbix.com/browse/ZBXSEC-30

Third Party Advisory x_refsource_misc

http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00007.html

Vendor Advisory x_refsource_confirm

https://support.zabbix.com/browse/ZBX-17600

Mailing List, Third Party Advisory mailing-list x_refsource_mlist

https://lists.debian.org/debian-lts-announce/2020/11/msg00039.html

Scores

CVSS v3 9.8

EPSS 0.4775

EPSS Percentile 97.8%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Lab Environment

COMMUNITY

Community Lab

docker pull vulhub/zabbix:3.0.3-server

docker pull vulhub/zabbix:3.0.3-web

https://github.com/ycseo-git/CVE-2020-11800

View in Library

Details

Status published

Products (6)

debian/debian_linux 9.0

opensuse/backports_sle 15.0 sp1 (2 CPE variants)

opensuse/leap 15.1

opensuse/leap 15.2

zabbix/zabbix 3.2.0

zabbix/zabbix 2.2.0 - 3.0.31

Published Oct 07, 2020

Tracked Since Feb 18, 2026