Candidate: CVE-2013-3738
PublicDate: 2020-02-17 16:15:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3738
 http://support.zabbix.com/browse/ZBX-6652
Description:
 A File Inclusion vulnerability exists in Zabbix 2.0.6 due to inadequate
 sanitization of request strings in CGI scripts, which could let a remote
 malicious user execute arbitrary code.
Ubuntu-Description:
Notes:
Mitigation:
Bugs:
Priority: untriaged
Discovered-by:
Assigned-to:
CVSS:
 nvd: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H [9.8 CRITICAL]


Patches_zabbix:
 upstream: https://github.com/zabbix/zabbix/commit/8e2da7fca1364e8faeef276e42d53735a7764456
upstream_zabbix: needs-triage
precise/esm_zabbix: DNE
trusty_zabbix: ignored (out of standard support)
trusty/esm_zabbix: not-affected (2.0.8+dfsg-1)
xenial_zabbix: not-affected (2.0.8+dfsg-1)
bionic_zabbix: not-affected (2.0.8+dfsg-1)
eoan_zabbix: not-affected (2.0.8+dfsg-1)
devel_zabbix: not-affected (2.0.8+dfsg-1)