CVE-2019-17382

🗓️ 09 Oct 2019 00:00:00Reported by mitreType

cve

cve🔗 web.nvd.nist.gov👁 159 Views🌐 WEB

An issue in zabbix.php allows unauthorized access and creation of elements

Reporter	Title	Published	Views	Family All 32
0day.today	Zabbix 3.4.7 - Stored XSS Vulnerability	30 Mar 202100:00	–	zdt
GithubExploit	Exploit for Authorization Bypass Through User-Controlled Key in Zabbix	23 Dec 202314:02	–	githubexploit
AlpineLinux	CVE-2019-17382	9 Oct 201914:15	–	alpinelinux
BDU FSTEC	The vulnerability of the Zabbix universal monitoring system, related to bypassing authentication by using a user-controlled key, allows a intruder to circumvent the login page and gain access to the dashboard page.	23 Jun 202100:00	–	bdu_fstec
Cvelist	CVE-2019-17382	9 Oct 201900:00	–	cvelist
Debian	[SECURITY] [DLA 3538-1] zabbix security update	22 Aug 202313:22	–	debian
Debian CVE	CVE-2019-17382	9 Oct 201900:00	–	debiancve
Tenable Nessus	Debian DLA-3538-1 : zabbix - LTS security update	22 Aug 202300:00	–	nessus
Exploit DB	Zabbix 3.4.7 - Stored XSS	31 Mar 202100:00	–	exploitdb
Nuclei	Zabbix <=4.4 - Authentication Bypass	28 Jun 202615:08	–	nuclei

NVD

Node

zabbix zabbixRange≤4.4

Source	Link
lists	www.lists.debian.org/debian-lts-announce/2023/08/msg00027.html
exploit-db	www.exploit-db.com/exploits/47467

Parameter	Position	Path	Description	CWE
dashboardid	path	zabbix.php?action=dashboard.view&dashboardid=1	Authentication bypass allowing anonymous access to dashboard creation	CWE-639
action	path	zabbix.php?action=dashboard.view&dashboardid=1	Authentication bypass allowing anonymous access to dashboard creation	CWE-639
action	path	zabbix/zabbix.php?action=dashboard.list	Anonymous access to dashboard listing/creation enabling further exploit (stored payload vector via widget Name)	CWE-639

17 Jun 2026 02:23Current

9High risk

Vulners AI Score9

CVSS 26.4

CVSS 3.19.1

EPSS0.5415

cve-2019-17382 zabbix security unauthorized access dashboard admin privileges