Full title: Zabbix 2.0.8 SQL Injection and Remote Code Execution 
Category: remote exploits
Platform: multiple
This Metasploit module exploits an unauthenticated SQL injection vulnerability affecting Zabbix versions 2.0.8 and lower. The SQL injection issue can be abused in order to retrieve an active session ID. If an administrator level user is identified, remote code execution can be gained by uploading and executing remote scripts via the 'scripts_exec.php' file.

# 0day.today @ http://0day.today/