Security Advisories

Zabbix 2.0.8 SQL Injection and Remote Code Execution

This exploits an unauthenticated SQL injection vulnerability affecting Zabbix versions 2.0.8 and lower.  The SQL injection issue can be abused in order to retrieve an active session ID.  If an administrator level user is identified, remote code execution can be gained by uploading and executing remote scripts via the 'scripts_exec.php' file.