Zabbix Web Interface extlang[] Parameter Remote Code Execution

High | Nessus Plugin ID 35787


Synopsis

The remote web server hosts a PHP application that is affected by a remote command execution vulnerability.


Description

The remote web server hosts a version of the Zabbix web interface (frontend) that is affected by a remote code execution vulnerability in the 'extlang[]' parameter of the 'locales.php' script. Provided PHP's 'magic_quotes_gpc' setting is disabled, an unauthenticated, remote attacker can exploit this to execute arbitrary code on the remote host with the privileges of the web server user. Note that 'magic_quotes_gpc' was deprecated in PHP 5.3 and removed in PHP 5.4, so its presence on an older installation should not be treated as a mitigation; the fix is the version upgrade given below.

Note that this version of the Zabbix web interface is also likely affected by a local file include vulnerability and a cross-site request forgery vulnerability.


Solution

Upgrade to Zabbix 1.6.3 or later.
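The following triage helper is an added example and is not code from the Nessus plugin or from the Zabbix project. It uses only the facts stated in this advisory (the 'locales.php' script, the 'extlang[]' parameter and the 1.6.3 fixed release) and does two things a defender can do without running the exploit: compare a reported frontend version against the fixed release, and scan web-server access-log lines for requests to locales.php that carry an extlang[] parameter. The log format, the sample log lines, the function names and the other query parameters are constructed for the example and are not taken from the advisory or from real Zabbix traffic.

```python
"""Added example (not part of the Nessus plugin or of Zabbix): version
check and access-log scan for the locales.php / extlang[] issue."""
import re
from urllib.parse import parse_qs, urlsplit

FIXED_VERSION = (1, 6, 3)   # advisory: upgrade to Zabbix 1.6.3 or later


def parse_version(version: str) -> tuple:
    """'1.6.2' -> (1, 6, 2). Missing components count as 0 and suffixes such
    as 'rc1' are ignored, so '1.6' compares as 1.6.0 (assumption: the
    reported string carries dotted integers)."""
    nums = [int(n) for n in re.findall(r"\d+", version)[:3]]
    return tuple(nums + [0] * (3 - len(nums)))


def is_vulnerable_version(version: str) -> bool:
    """True when the frontend version is older than the fixed release."""
    return parse_version(version) < FIXED_VERSION


# Apache/nginx "combined" style access-log line (constructed format for
# this example; adjust the regex to the log format actually in use).
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) '
)


def classify_request(line: str):
    """Return (ip, method, target, reason) for a request worth a look,
    or None for lines that do not touch locales.php in a suspicious way."""
    m = LOG_RE.match(line)
    if m is None:
        return None
    ip, method, target = m.group("ip", "method", "target")
    url = urlsplit(target)
    if url.path.rsplit("/", 1)[-1] != "locales.php":
        return None
    params = parse_qs(url.query, keep_blank_values=True)
    # PHP array parameters reach the script as extlang[] or extlang[idx];
    # parse_qs has already percent-decoded the key (extlang%5B%5D).
    if any(k.startswith("extlang[") for k in params):
        return ip, method, target, "extlang[] parameter in query string"
    if method == "POST":
        # Access logs record only the request line, so a POSTed extlang[]
        # is invisible here; flag it for body inspection (WAF log, proxy
        # log or packet capture) instead of silently passing it.
        return ip, method, target, "POST to locales.php; body not logged"
    return None


def scan_log(text: str) -> list:
    """Run classify_request over every line and keep the hits, in order."""
    hits = [classify_request(line) for line in text.splitlines()]
    return [h for h in hits if h is not None]


# Constructed sample log for the example (not real traffic).
SAMPLE_LOG = """\
10.0.0.5 - - [07/Mar/2009:10:01:02 +0000] "GET /zabbix/index.php HTTP/1.1" 200 4312
10.0.0.5 - - [07/Mar/2009:10:01:09 +0000] "GET /zabbix/locales.php?extlang%5B%5D=test&extlang%5B%5D=x HTTP/1.1" 200 812
10.0.0.9 - - [07/Mar/2009:10:02:15 +0000] "GET /zabbix/locales.php?lang=en HTTP/1.1" 200 5120
10.0.0.5 - - [07/Mar/2009:10:02:30 +0000] "POST /zabbix/locales.php HTTP/1.1" 200 6000
"""

if __name__ == "__main__":
    for reported in ("1.6.2", "1.6.3", "1.8"):
        print(reported, "vulnerable" if is_vulnerable_version(reported) else "fixed")
    for ip, method, target, reason in scan_log(SAMPLE_LOG):
        print(f"{ip} {method} {target}: {reason}")
```

The second sample line is caught on the parameter name alone, so the scan does not depend on what was sent in the value; the fourth line shows the limit of access-log-only detection, since a POSTed extlang[] never appears in the request line.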

Plugin Details

Severity: High

ID: 35787

File Name: zabbix_frontend_remote_code.nasl

Version: 1.20

Type: remote

Family: CGI abuses

Published: 3/7/2009

Updated: 4/11/2022

Configuration: Enable thorough checks

Risk Information

CVSS v2.0

Risk Factor: Medium

Base Score: 6.8

Temporal Score: 5.6

Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

Temporal Vector: E:F/RL:OF/RC:ND

CVSS v3.0

Risk Factor: High

Base Score: 8.8

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Vulnerability Information

CPE: cpe:/a:zabbix:zabbix

Required KB Items: www/zabbix

Excluded KB Items: Settings/disable_cgi_scanning

Exploit Available: true

Exploit Ease: Exploits are available

Exploited by Nessus: true

Reference Information

BID: 33965

EDB-ID: 8140

SECUNIA: 34091