Web application abuses : Zabbix <= 1.6.2 RCE Vulnerability

Vulnerability Search		Search 324607 CVE descriptions and 145615 test descriptions, access 10,000+ cross references.
	Tests CVE All

Test ID: 1.3.6.1.4.1.25623.1.0.103581

Category: Web application abuses

Title: Zabbix <= 1.6.2 RCE Vulnerability

Summary: Zabbix is prone to a remote code execution (RCE) vulnerability.

Description: Summary:
Zabbix is prone to a remote code execution (RCE) vulnerability.

Vulnerability Impact:
Input passed to the 'extlang' parameter in 'locales.php' is not
properly sanitised before being used to process data. This can be exploited to execute arbitrary
commands via specially crafted requests.

Affected Software/OS:
Zabbix version 1.6.2 and possibly prior.

Solution:
Updates are available. Please see the references for more
information.

CVSS Score:
9.7

CVSS Vector:
AV:N/AC:L/Au:N/C:P/I:C/A:C

Copyright Copyright (C) 2012 Greenbone Networks GmbH

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit.
To run a free test of this vulnerability against your system, register below.

Test ID:	1.3.6.1.4.1.25623.1.0.103581
Category:	Web application abuses
Title:	Zabbix <= 1.6.2 RCE Vulnerability
Summary:	Zabbix is prone to a remote code execution (RCE) vulnerability.
Description:	Summary: Zabbix is prone to a remote code execution (RCE) vulnerability. Vulnerability Impact: Input passed to the 'extlang' parameter in 'locales.php' is not properly sanitised before being used to process data. This can be exploited to execute arbitrary commands via specially crafted requests. Affected Software/OS: Zabbix version 1.6.2 and possibly prior. Solution: Updates are available. Please see the references for more information. CVSS Score: 9.7 CVSS Vector: AV:N/AC:L/Au:N/C:P/I:C/A:C
Copyright	Copyright (C) 2012 Greenbone Networks GmbH