Home / vulnerabilities Zabbix 1.8.x - 2.2.x XXE Injection
Posted on 18 June 2014
Source : packetstormsecurity.org Link
Product name:Zabbix
Description:Zabbix is an enterprise-class open source distributed monitoring solution for networks and applications.
Version affected:1.8.x-2.2.x
Type:XML External Entity Attack
Consequence:Arbitrary Local File Read&Potential RCE
Vulnerability Details:http://www.pnigos.com/?p=273
Fix Released:svn://svn.zabbix.com/branches/dev/ZBX-8151-18 r46594 for 1.8svn://svn.zabbix.com/branches/dev/ZBX-8151-20 r46600 for 2.0+
Bug was found by pnig0s @ FreeBuf.Com
==================================================
Best Regards,pnig0s
