CVE-2013-3738

CRITICAL

9.8

CVSS Severity Score

EPSS Score0.1970%

EPSS Percentile16.09th

PublishedFeb 17, 2020

Last ModifiedNov 21, 2024

Vulnerability Description

A File Inclusion vulnerability exists in Zabbix 2.0.6 due to inadequate sanitization of request strings in CGI scripts, which could let a remote malicious user execute arbitrary code.

Affected Platforms (CPE)

📦

Zabbix

= 2.0.6

References & Advisories

🔗 http://support.zabbix.com/browse/ZBX-6652

Related Vulnerabilities

CVE-2007-064010.0

Buffer overflow in ZABBIX before 1.1.5 has unknown impact and attack vectors related to "SNMP IP addresses."

CVE-2013-57439.8

Multiple SQL injection vulnerabilities in Zabbix 1.8.x before 1.8.18rc1, 2.0.x before 2.0.9rc1, and 2.1.x before 2.1.7.

CVE-2020-118009.8

Zabbix Server 2.2.x and 3.0.x before 3.0.31, and 3.2 allows remote attackers to execute arbitrary code.

CVE-2014-30059.8

XML external entity (XXE) vulnerability in Zabbix 1.8.x before 1.8.21rc1, 2.0.x before 2.0.13rc1, 2.2.x before 2.2.5rc1, and 2.3.x...