Tagged articles
MaGe Linux Operations
Oct 18, 2017 · Information Security

How Zabbix Guest Access Enables Unauthenticated SQL Injection – Full Exploit Walkthrough

This article details a high‑severity SQL injection vulnerability in Zabbix’s jsrpc.php profileIdx2 parameter that allows unauthenticated attackers to gain system privileges, outlines its impact, demonstrates testing methods with screenshots, analyzes the vulnerable code paths, and recommends mitigation steps such as upgrading, patching, and disabling the guest account.

Guest access · SQL injection · Information security