CVE-2009-4498 | SynScan

Vulnerability Database

289,697

Total vulnerabilities in the database

CVE-2009-4498

The node_process_command function in Zabbix Server before 1.8 allows remote attackers to execute arbitrary commands via a crafted request.

Published: Dec 31, 2009
Updated: Apr 13, 2023
CVE: CVE-2009-4498
Severity: Medium
Exploit:

CVSS v2:

Severity: Medium
Score: 6.8
AV:N/AC:M/Au:N/C:P/I:P/A:P

CWEs:

CWE-78

OWASP TOP 10:

A1 - Injection

Affected Software
References

Software	From	Fixed in
zabbix / zabbix	1.1.2	1.1.2.x
zabbix / zabbix	1.1.4	1.1.4.x
zabbix / zabbix	1.4.3	1.4.3.x
zabbix / zabbix	1.6.8	1.6.8.x
zabbix / zabbix	1.7.1	1.7.1.x
zabbix / zabbix	-	1.7.4.x
zabbix / zabbix	1.7.2	1.7.2.x
zabbix / zabbix	1.7	1.7.x
zabbix / zabbix	1.6.7	1.6.7.x
zabbix / zabbix	1.7.3	1.7.3.x
zabbix / zabbix	1.1.3	1.1.3.x
zabbix / zabbix	1.6.6	1.6.6.x
zabbix / zabbix	1.4.2	1.4.2.x
zabbix / zabbix	1.1.5	1.1.5.x