Fluid Attacks Database

Description

A File Inclusion vulnerability exists in Zabbix 2.0.6 due to inadequate sanitization of request strings in CGI scripts, which could let a remote malicious user execute arbitrary code.

Mitigation

Update Impact

Minimal update. May introduce new vulnerabilities or breaking changes.

Ecosystem	Package	Affected version	Patched versions
debian 13	zabbix	>=0 <1:2.0.7+dfsg-1	1:2.0.7+dfsg-1
debian 11	zabbix	>=0 <1:2.0.7+dfsg-1	1:2.0.7+dfsg-1
debian 12	zabbix	>=0 <1:2.0.7+dfsg-1	1:2.0.7+dfsg-1
debian 14	zabbix	>=0 <1:2.0.7+dfsg-1	1:2.0.7+dfsg-1

Aliases

1. CVE-2013-37382. NVD-2013-37383. OSV-DEBIAN-2013-37384. OSV-2013-37385. SECURITY-TRACKER-CVE-2013-3738