Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Zabbix Arbitrary File Read
Vulnerability Description
Setting SMS media allows to set GSM modem file. Later this file is used as Linux device. But due everything is a file for Linux, it is possible to set another file, e.g. log file and zabbix_server will try to communicate with it as modem. As a result, log file will be broken with AT commands and small part for log file content will be leaked to UI.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N
Vulnerability Type
对生成代码的控制不恰当(代码注入)
Vulnerability Title
Zabbix 安全漏洞
Vulnerability Description
Zabbix是Zabbix公司的一套开源的监控系统。该系统支持网络监控、服务器监控、云监控和应用监控等。 Zabbix 5.0.42版本、6.0.30版本、6.4.15版本和7.0.0rc2版本存在安全漏洞,该漏洞源于存在任意文件读取漏洞,从而导致日志文件被AT命令破坏和日志文件内容泄漏到UI。
CVSS Information
N/A
Vulnerability Type
N/A