CVE-2013-6824
Severity CVSS v4.0:
Pending analysis
Type:
CWE-94
Code Injection
Publication date:
19/12/2013
Last modified:
11/04/2025
Description
Zabbix before 1.8.19rc1, 2.0 before 2.0.10rc1, and 2.2 before 2.2.1rc1 allows remote Zabbix servers and proxies to execute arbitrary commands via a newline in a flexible user parameter.
Impact
Base Score 2.0
7.50
Severity 2.0
HIGH
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:a:zabbix:zabbix:*:*:*:*:*:*:*:* | 1.8.18 (including) | |
| cpe:2.3:a:zabbix:zabbix:2.0.0:*:*:*:*:*:*:* | ||
| cpe:2.3:a:zabbix:zabbix:2.2.0:*:*:*:*:*:*:* |
To consult the complete list of CPE names with products and versions, see this page
References to Advisories, Solutions, and Tools
- http://security.gentoo.org/glsa/glsa-201401-26.xml
- http://www.zabbix.com/rn1.8.19rc1.php
- http://www.zabbix.com/rn2.0.10rc1.php
- http://www.zabbix.com/rn2.2.1rc1.php
- https://support.zabbix.com/browse/ZBX-7479
- http://security.gentoo.org/glsa/glsa-201401-26.xml
- http://www.zabbix.com/rn1.8.19rc1.php
- http://www.zabbix.com/rn2.0.10rc1.php
- http://www.zabbix.com/rn2.2.1rc1.php
- https://support.zabbix.com/browse/ZBX-7479