Zabbix 1.6.2 Multiple Vulnerabilities - Exploit-DB

2009

03 March 2009

Event

N/A

What

Vulnerability

vulnerability zabbix rce csrf lfi exploit-db security-research

On March 3, 2009, the international platform Exploit-DB, managed by OffSec, published a technical advisory signed by the USH team (Antonio “s4tan” Parata, Francesco “ascii” Ongaro, and Giovanni “evilaliv3” Pellerano) concerning multiple serious vulnerabilities in the Zabbix 1.6.2 frontend. The analysis, catalogued with ID 8140, documented Remote Code Execution, Cross-Site Request Forgery, and Local File Inclusion vulnerabilities, with an estimated risk score of 9.7/10. The advisory, originally released on the USH.it site and later archived on Exploit-DB, formally credits Ongaro as co-author of the discovery, lists his direct contact details and copyright notice, and specifies that the disclosure was made public as a forced release after the vendor delayed distribution of the corrective patch.

Archived PDF document