Total vulnerabilities in the database
The mysql user parameter configuration script (userparameter_mysql.conf) in the agent in Zabbix before 2.0.18, 2.2.x before 2.2.13, and 3.0.x before 3.0.3, when used with a shell other than bash, allows context-dependent attackers to execute arbitrary code or SQL commands via the mysql.size parameter.
| Software | From | Fixed in |
|---|---|---|
| zabbix / zabbix | 2.0.0 | 2.0.0.x |
| zabbix / zabbix | 2.2.2 | 2.2.2.x |
| zabbix / zabbix | 2.2.0 | 2.2.0.x |
| zabbix / zabbix | 2.0.5 | 2.0.5.x |
| zabbix / zabbix | 2.0.14 | 2.0.14.x |
| zabbix / zabbix | 2.0.9 | 2.0.9.x |
| zabbix / zabbix | 2.2.12 | 2.2.12.x |
| zabbix / zabbix | 3.0.2 | 3.0.2.x |
| zabbix / zabbix | 2.2.1 | 2.2.1.x |
| zabbix / zabbix | 2.0.1 | 2.0.1.x |
| zabbix / zabbix | 2.2.6 | 2.2.6.x |
| zabbix / zabbix | 2.0.11 | 2.0.11.x |
| zabbix / zabbix | 2.0.6 | 2.0.6.x |
| zabbix / zabbix | 2.2.11 | 2.2.11.x |
| zabbix / zabbix | 2.0.4 | 2.0.4.x |
| zabbix / zabbix | 2.0.15 | 2.0.15.x |
| zabbix / zabbix | 2.2.7 | 2.2.7.x |
| zabbix / zabbix | 2.0.12 | 2.0.12.x |
| zabbix / zabbix | 3.0.0 | 3.0.0.x |
| zabbix / zabbix | 2.2.4 | 2.2.4.x |
| zabbix / zabbix | 2.0.3 | 2.0.3.x |
| zabbix / zabbix | 2.2.9 | 2.2.9.x |
| zabbix / zabbix | 2.2.10 | 2.2.10.x |
| zabbix / zabbix | 2.2.3 | 2.2.3.x |
| zabbix / zabbix | 2.0.2 | 2.0.2.x |
| zabbix / zabbix | 2.0.17 | 2.0.17.x |
| zabbix / zabbix | 2.2.5 | 2.2.5.x |
| zabbix / zabbix | 2.0.16 | 2.0.16.x |
| zabbix / zabbix | 2.0.10 | 2.0.10.x |
| zabbix / zabbix | 2.0.8 | 2.0.8.x |
| zabbix / zabbix | 2.0.13 | 2.0.13.x |
| zabbix / zabbix | 2.2.8 | 2.2.8.x |
| zabbix / zabbix | 2.0.7 | 2.0.7.x |