Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
Zabbix 4.0 LTS, 4.2, 4.4, and 5.0 LTS is vulnerable to Remote Code Execution (RCE). Any user with the "Zabbix Admin" role is able to run custom shell script on the application server in the context of the application user.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Zabbix Sia Zabbix 安全漏洞
Vulnerability Description
Zabbix Sia Zabbix是拉脱维亚Zabbix SIA(Zabbix Sia)公司的一套开源的监控系统。该系统支持网络监控、服务器监控、云监控和应用监控等。 Zabbix 4.0 LTS、4.2、4.4和5.0 LTS版本存在安全漏洞,该漏洞源于软件缺少对于用户提交的命令参数的过滤和转义。任何具有“Zabbix管理员”角色的用户都能够在应用程序用户的上下文中在应用程序服务器上运行定制的shell脚本。
CVSS Information
N/A
Vulnerability Type
N/A