CVE-2019-17382

Published: 09/10/2019 Updated: 22/08/2023
CVSS v2 Base Score: 6.4 | Impact Score: 4.9 | Exploitability Score: 10
CVSS v3 Base Score: 9.1 | Impact Score: 5.2 | Exploitability Score: 3.9
VMScore: 570
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:N

Vulnerability Summary

An issue exists in zabbix.php?action=dashboard.view&dashboardid=1 in Zabbix up to and including 4.4. An attacker can bypass the login page and access the dashboard page, and then create a Dashboard, Report, Screen, or Map without any Username/Password (i.e., anonymously). All created elements (Dashboard/Report/Screen/Map) are accessible by other users and by an admin.

Vulnerable Product

zabbix zabbix

Exploits

Zabbix version 3.4.7 suffers from a persistent cross-site scripting vulnerability ...

Github Repositories

A PoC exploit for CVE-2019-17382 - Zabbix Authentication Bypass

CVE-2019-17382 - Zabbix Authentication Bypass. A critical vulnerability discovered in Zabbix versions up to 4.4. The issue exists within the zabbix.php file when accessing the dashboard.view action with dashboardid=1. It enables attackers to bypass the login page, granting unauthorized access to the dashboard creation feature. Consequently, an attacker can create Dashboards, Rep