Sign in Get started

← All advisories

Unrated severityNVD Advisory· Published Dec 31, 2009· Updated Apr 23, 2026

CVE-2009-4498

CVE-2009-4498

Description

The node_process_command function in Zabbix Server before 1.8 allows remote attackers to execute arbitrary commands via a crafted request.

Affected products

14

Zabbix/Zabbix14 versions
cpe:2.3:a:zabbix:zabbix:*:*:*:*:*:*:*:*+ 13 more
- cpe:2.3:a:zabbix:zabbix:*:*:*:*:*:*:*:*range: <=1.7.4
- cpe:2.3:a:zabbix:zabbix:1.1.2:*:*:*:*:*:*:*
- cpe:2.3:a:zabbix:zabbix:1.1.3:*:*:*:*:*:*:*
- cpe:2.3:a:zabbix:zabbix:1.1.4:*:*:*:*:*:*:*
- cpe:2.3:a:zabbix:zabbix:1.1.5:*:*:*:*:*:*:*
- cpe:2.3:a:zabbix:zabbix:1.4.2:*:*:*:*:*:*:*
- cpe:2.3:a:zabbix:zabbix:1.4.3:*:*:*:*:*:*:*
- cpe:2.3:a:zabbix:zabbix:1.6.6:*:*:*:*:*:*:*
- cpe:2.3:a:zabbix:zabbix:1.6.7:*:*:*:*:*:*:*
- cpe:2.3:a:zabbix:zabbix:1.6.8:*:*:*:*:*:*:*
- cpe:2.3:a:zabbix:zabbix:1.7:*:*:*:*:*:*:*
- cpe:2.3:a:zabbix:zabbix:1.7.1:*:*:*:*:*:*:*
- cpe:2.3:a:zabbix:zabbix:1.7.2:*:*:*:*:*:*:*
- cpe:2.3:a:zabbix:zabbix:1.7.3:*:*:*:*:*:*:*

Patches

0

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

5

secunia.com/advisories/37740nvdVendor Advisory
www.vupen.com/english/advisories/2009/3514nvdVendor Advisory
www.openwall.com/lists/oss-security/2010/04/02/1nvd
www.securityfocus.com/archive/1/508436/30/60/threadednvd
support.zabbix.com/browse/ZBX-1030nvd

News mentions

0

No linked articles in our index yet.