Processed: Re: Bug#842702: Remote Code Execution on Zabbix 2.2 < 3.0.3

2016-11-13 Thread Debian Bug Tracking System
Processing control commands:
> retitle -1 zabbix: CVE-2016-9140: API JSON-RPC remote code execution
Bug #842702 [zabbix-frontend-php] Remote Code Execution on Zabbix 2.2 < 3.0.3
Changed Bug title to 'zabbix: CVE-2016-9140: API JSON-RPC remote code execution' from 'Remote Code Execution on Zabbix

Bug#842702: Remote Code Execution on Zabbix 2.2 < 3.0.3

2016-11-13 Thread Salvatore Bonaccorso
Control: retitle -1 zabbix: CVE-2016-9140: API JSON-RPC remote code execution
Control: found -1 1:2.2.7+dfsg-2
Control: tags -1 + upstream security
Hi
I'm not sure the subject is correct in stating that versions only below 3.0.3 are affected. Looking from the changes in api_jsonrpc.php it does no

Bug#842702: Remote Code Execution on Zabbix 2.2 < 3.0.3

2016-10-31 Thread rogeriobastos
Package: zabbix-frontend-php
Version: 1:2.2.7+dfsg-2+deb8u1
Severity: grave
Zabbix on Jessie is vulnerable to remote code execution through exploit available in [1] (valid zabbix user/password is needed). I do not find any CVE related to this bug.
[1] https://www.exploit-db.com/exploits/39937/