CVE-2022-23134

LOW KEV NUCLEI

Zabbix 5.4.0-5.4.7 - Unauthenticated Improper Access Control in Setup.php


Exploitation Summary

CVE-2022-23134 is actively exploited and listed in the CISA Known Exploited Vulnerabilities (KEV) catalog, added February 22, 2022. EIP tracks 1 public exploit from researchers including TheN00bBuilder. A Nuclei detection template is also available.

AI-analyzed exploit summary: This PoC exploits CVE-2022-23134 in Zabbix by crafting a malicious cookie containing MySQL connection details, which is then sent to the vulnerable setup.php endpoint to achieve unauthorized database access.

Description

After the initial setup process, some steps of the setup.php file are reachable not only by super-administrators but by unauthenticated users as well. A malicious actor can pass the step checks and potentially change the configuration of the Zabbix Frontend.

Exploits (1)

nomisec · Working PoC · 1 star
by TheN00bBuilder · remote
https://github.com/TheN00bBuilder/cve-2022-23134-poc-and-writeup


Classification: Working PoC (95%)
Attack Type: Auth Bypass
Complexity: Moderate
Reliability: Reliable
Target: Zabbix (specific versions affected by CVE-2022-23134)
No auth needed
Prerequisites: Access to the Zabbix setup.php endpoint · Valid MySQL server credentials
devstral-2 · analyzed Feb 16, 2026

Nuclei Templates (1)

Zabbix Setup Configuration Authentication Bypass
MEDIUM · by bananabr
Shodan: http.favicon.hash:892542951 || http.title:"zabbix-server" || cpe:"cpe:2.3:a:zabbix:zabbix"
FOFA: icon_hash=892542951 || app="zabbix-监控系统" && body="saml" || title="zabbix-server"

Scores

CVSS v3 3.7
EPSS 0.8466
EPSS Percentile 99.7%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N

CISA SSVC

Vulnrichment
Exploitation active
Automatable no
Technical Impact partial

Details

CISA KEV 2022-02-22
VulnCheck KEV 2022-02-22
InTheWild.io 2022-02-22
ENISA EUVD EUVD-2022-28225
CWE: CWE-284, CWE-287
Status published
Products (5)
debian/debian_linux 9.0
fedoraproject/fedora 34
fedoraproject/fedora 35
zabbix/zabbix 6.0.0 alpha1 (8 CPE variants)
zabbix/zabbix 5.4.0 - 5.4.8
Published Jan 13, 2022
KEV Added Feb 22, 2022
Tracked Since Feb 18, 2026