GCVE - cpe:2.3:a:zabbix:zabbix:2.2.8:*:*:*:*:*:*:*

Approved changes feed: RSS · Atom

cpe:2.3:a:zabbix:zabbix:2.2.8:*:*:*:*:*:*:*

part: a version: 2.2.8 update: *

Vendor	Zabbix (`8857f8ff-2020-5e62-b9b7-687960752062`)
Product	Zabbix (`ff27d8f3-5575-5d69-ac0d-7d8e9faa4e83`)
Edition	*
Language	*
Software edition	*
Target software	*
Target hardware	*
Other	*
Notes	Imported from NVD CPE 2.0 feed

PURL mappings

PURL	Source	Last updated
`pkg:docker/zabbix/zabbix-agent`	purl2cpe	2026-06-01 10:13:01.953433
`pkg:github/zabbix/zabbix`	purl2cpe	2026-06-01 10:13:01.953435
`pkg:rpm/fedora/zabbix`	purl2cpe	2026-06-01 10:13:01.953436
`pkg:rpm/opensuse/zabbix`	purl2cpe	2026-06-01 10:13:01.953437
`pkg:zabbix/zbx/zabbix`	purl2cpe	2026-06-01 10:13:01.953439

Vulnerability references

Identifier	cpeApplicability	Submitted	db.gcve.eu details	Rationale
`CVE:CVE-2016-4338`	vulnerable	2026-06-08 05:07:47.176138	Details available The mysql user parameter configuration script (userparameter_mysql.conf) in the agent in Zabbix before 2.0.18, 2.2.x before 2.2.13, and 3.0.x before 3.0.3, when used with a shell other than bash, allows context-dependent attackers to execute arbitrary code or SQL commands via the mysql.size parameter. Published: 2017-01-23T21:00:00.000Z Updated: 2024-08-06T00:25:14.512Z Open on db.gcve.eu Reference links http://packetstormsecurity.com/files/136898/Zabbix-Agent-3.0.1-mysql.size-Shell-Command-Injection.html https://www.exploit-db.com/exploits/39769/ http://www.securityfocus.com/archive/1/538258/100/0/threaded https://support.zabbix.com/browse/ZBX-10741 https://www.zabbix.com/documentation/2.2/manual/introduction/whatsnew2213#miscellaneous_improvements	Imported from gcve-enriched-dumps CVE data

Contribute

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.