High severity8.1NVD Advisory· Published Jan 23, 2017· Updated Jun 17, 2026
CVE-2016-4338
CVE-2016-4338
Description
The mysql user parameter configuration script (userparameter_mysql.conf) in the agent in Zabbix before 2.0.18, 2.2.x before 2.2.13, and 3.0.x before 3.0.3, when used with a shell other than bash, allows context-dependent attackers to execute arbitrary code or SQL commands via the mysql.size parameter.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
34cpe:2.3:a:zabbix:zabbix:2.0.0:*:*:*:*:*:*:*+ 33 more
- cpe:2.3:a:zabbix:zabbix:2.0.0:*:*:*:*:*:*:*
- cpe:2.3:a:zabbix:zabbix:2.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:zabbix:zabbix:2.0.10:*:*:*:*:*:*:*
- cpe:2.3:a:zabbix:zabbix:2.0.11:*:*:*:*:*:*:*
- cpe:2.3:a:zabbix:zabbix:2.0.12:*:*:*:*:*:*:*
- cpe:2.3:a:zabbix:zabbix:2.0.13:*:*:*:*:*:*:*
- cpe:2.3:a:zabbix:zabbix:2.0.14:*:*:*:*:*:*:*
- cpe:2.3:a:zabbix:zabbix:2.0.15:*:*:*:*:*:*:*
- cpe:2.3:a:zabbix:zabbix:2.0.16:*:*:*:*:*:*:*
- cpe:2.3:a:zabbix:zabbix:2.0.17:*:*:*:*:*:*:*
- cpe:2.3:a:zabbix:zabbix:2.0.2:*:*:*:*:*:*:*
- cpe:2.3:a:zabbix:zabbix:2.0.3:*:*:*:*:*:*:*
- cpe:2.3:a:zabbix:zabbix:2.0.4:*:*:*:*:*:*:*
- cpe:2.3:a:zabbix:zabbix:2.0.5:*:*:*:*:*:*:*
- cpe:2.3:a:zabbix:zabbix:2.0.6:*:*:*:*:*:*:*
- cpe:2.3:a:zabbix:zabbix:2.0.7:*:*:*:*:*:*:*
- cpe:2.3:a:zabbix:zabbix:2.0.8:*:*:*:*:*:*:*
- cpe:2.3:a:zabbix:zabbix:2.0.9:*:*:*:*:*:*:*
- cpe:2.3:a:zabbix:zabbix:2.2.0:-:*:*:*:*:*:*
- cpe:2.3:a:zabbix:zabbix:2.2.1:-:*:*:*:*:*:*
- cpe:2.3:a:zabbix:zabbix:2.2.10:*:*:*:*:*:*:*
- cpe:2.3:a:zabbix:zabbix:2.2.11:*:*:*:*:*:*:*
- cpe:2.3:a:zabbix:zabbix:2.2.12:*:*:*:*:*:*:*
- cpe:2.3:a:zabbix:zabbix:2.2.2:-:*:*:*:*:*:*
- cpe:2.3:a:zabbix:zabbix:2.2.3:-:*:*:*:*:*:*
- cpe:2.3:a:zabbix:zabbix:2.2.4:*:*:*:*:*:*:*
- cpe:2.3:a:zabbix:zabbix:2.2.5:*:*:*:*:*:*:*
- cpe:2.3:a:zabbix:zabbix:2.2.6:*:*:*:*:*:*:*
- cpe:2.3:a:zabbix:zabbix:2.2.7:*:*:*:*:*:*:*
- cpe:2.3:a:zabbix:zabbix:2.2.8:*:*:*:*:*:*:*
- cpe:2.3:a:zabbix:zabbix:2.2.9:*:*:*:*:*:*:*
- cpe:2.3:a:zabbix:zabbix:3.0.0:*:*:*:*:*:*:*
- cpe:2.3:a:zabbix:zabbix:3.0.2:*:*:*:*:*:*:*
- (no CPE)range: <2.0.18, <2.2.13, <3.0.3
Patches
Vulnerability mechanics
References
10- packetstormsecurity.com/files/136898/Zabbix-Agent-3.0.1-mysql.size-Shell-Command-Injection.htmlnvdExploitThird Party AdvisoryVDB Entry
- seclists.org/fulldisclosure/2016/May/9nvdExploitThird Party AdvisoryVDB Entry
- support.zabbix.com/browse/ZBX-10741nvdExploitPatchVendor Advisory
- www.exploit-db.com/exploits/39769/nvdExploitThird Party AdvisoryVDB Entry
- www.securityfocus.com/bid/89631nvdThird Party AdvisoryVDB Entry
- security.gentoo.org/glsa/201612-42nvdThird Party AdvisoryVDB Entry
- www.zabbix.com/documentation/2.0/manual/introduction/whatsnew2018nvdVendor Advisory
- www.zabbix.com/documentation/2.2/manual/introduction/whatsnew2213nvdVendor Advisory
- www.zabbix.com/documentation/3.0/manual/introduction/whatsnew303nvdVendor Advisory
- www.securityfocus.com/archive/1/538258/100/0/threadednvd
News mentions
0No linked articles in our index yet.