Exploit for Zabbix <=4.4 - Authentication Bypass (CVE-2019-17382)

Description:

Zabbix through 4.4 is susceptible to an authentication bypass vulnerability via zabbix.php?action=dashboard.view&dashboardid=1. An attacker can bypass the login page and access the dashboard page, and then create a Dashboard, Report, Screen, or Map without any Username/Password (i.e., anonymously). All created elements (Dashboard/Report/Screen/Map) are accessible by other users and by an admin.

Nuclei Template

View the template here: CVE-2019-17382.yaml

Validate with Nuclei

echo "$URL" | nuclei -t ~/nuclei-templates/http/cves/2019/CVE-2019-17382.yaml

References:

https://lists.debian.org/debian-lts-announce/2023/08/msg00027.html
https://github.com/huimzjty/vulwiki
https://www.exploit-db.com/exploits/47467
https://nvd.nist.gov/vuln/detail/CVE-2019-17382
https://github.com/merlinepedra25/nuclei-templates