Zabbix Multiple Critical Vulnerabilities - CVE-2009-4498

2009

03 March 2009

Event: N/A

What: CVE

cve vulnerability zabbix rce lfi csrf security-research

On March 3, 2009, the Gentoo Bugzilla portal published a security advisory regarding several critical vulnerabilities in the Zabbix monitoring platform, attributed to a team composed of Antonio “s4tan” Parata, Francesco “ascii” Ongaro, and Giovanni “evilaliv3” Pellerano. The official advisory, hosted on the USH site, described serious issues including Remote Code Execution, Local File Inclusion, and Cross-Site Request Forgery. The bug was catalogued as CVE-2009-4498 (with the related CVE-2009-4499, CVE-2009-4500 and CVE-2009-4501) and received a CVSS rating of 9.7 out of 10. The impact of the vulnerabilities and Ongaro’s direct involvement in their discovery drew significant attention in the open source landscape, leading to their resolution and the release of official patches by the Zabbix project.

Archived PDF document