The Zabbix Agent 2 item key smart.disk.get does not sanitize its parameters before passing them to a shell command resulting possible vulnerability for remote code execution.
oryginał ENCVSS Vector
CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:LZabbix Agent2
APPZabbix7.0.05.0.0 – 5.0.386.0.0 – 6.0.236.4.0 – 6.4.8
🔵
ZWERYFIKUJ U PRODUCENTA
Brak jednoznacznych danych o patchu. Sprawdź referencje od producenta.
Tagi
RCE
Powiązane podatności
CVE-2023-29453CRITICAL9.8ten sam produkt
Templates do not properly consider backticks (`) as Javascript string delimiters, and do not escape them as ex...
CVE-2022-22704CRITICAL9.8ten sam produkt
The zabbix-agent2 package before 5.4.9-r1 for Alpine Linux sometimes allows privilege escalation to root becau...
CVE-2022-46768MEDIUM5.9ten sam produkt
Arbitrary file read vulnerability exists in Zabbix Web Service Report Generation, which listens on the port 10...
CVE-2022-23131CRITICAL9.1⚠ KEVten sam vendor
In the case of instances where the SAML SSO authentication is enabled (non-default), session data can be modif...
CVE-2024-42327CRITICAL9.9PL ✓ten sam vendor
SQL Injection w Zabbix – podatność w klasie CUser umożliwia eskalację uprawnień