ZABBIX < 1.6.3 Web Interface locales.php extlang[] Remote Code Execution

Nessus Network Monitor Plugin ID 4951 (Severity: High)

Synopsis

The remote host contains a PHP application that is prone to a remote command execution attack.

Description

The remote host is running a version of the ZABBIX web interface that is affected by a remote code execution vulnerability in the 'extlang[]' parameter of the 'locales.php' script. If PHP's 'magic_quotes_gpc' setting is disabled, an unauthenticated remote attacker can exploit this to execute arbitrary code on the remote host with the privileges of the web server user ID. Note that this version of the ZABBIX web interface is also likely affected by a local file inclusion vulnerability and a cross-site request forgery vulnerability.

Solution

Upgrade to version 1.6.3 or higher.

See Also

http://www.securityfocus.com/archive/1/501400/30/0/threaded

Plugin Details

Severity: High

ID: 4951

Family: CGI

Published: 2009/03/09

Modified: 2018/09/16

Dependencies: 1442

Nessus ID: 35787

Risk Information

Risk Factor: High

CVSSv2

Base Score: 7.5

Temporal Score: 6.2

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

Temporal Vector: CVSS2#E:F/RL:OF/RC:ND

CVSSv3

Base Score: 7.3

Temporal Score: 6.8

Vector: CVSS3#AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

Temporal Vector: CVSS3#E:F/RL:O/RC:X

Vulnerability Information

CPE: cpe:/a:zabbix:zabbix

Reference Information

BID: 33965