The Zabbix frontend supports an XML data import feature which, on the server side, parses the uploaded XML with PHP's DOMDocument. By default DOMDocument also loads the external DTD, so a remote attacker could submit a crafted XML file that makes Zabbix read an arbitrary local file and send the contents of that file to a remote server (an XML External Entity, or XXE, issue).
Affected versions: 1.8.19, 1.8.20, 2.0.9, 2.0.10, 2.0.11rc2, 2.0.11, 2.2.2, 2.2.3rc1, 2.2.3rc2, 2.2.3
- Upgrade to the latest version of Zabbix (this issue was fixed in version 2.3.2).
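Beyond upgrading, the underlying mistake is parsing attacker-supplied XML with a DOMDocument that is allowed to process DTDs. The following is an added example, not Zabbix's own code, of how an import endpoint can parse untrusted XML without ever resolving external entities: it rejects any document that carries a DOCTYPE, never passes LIBXML_NOENT or LIBXML_DTDLOAD, forbids network access with LIBXML_NONET, and disables libxml's entity loader on PHP versions older than 8.0 (where it is still on by default). The function name and the sample inputs are constructed for this illustration.

```php
<?php
// Added example (not Zabbix code): parse an untrusted XML import with
// DOMDocument without resolving DTDs or external entities.

declare(strict_types=1);

/**
 * Parse untrusted XML into a DOMDocument.
 * Throws InvalidArgumentException if the document carries a DOCTYPE (the only
 * place entities can be declared) or does not parse.
 */
function parseUntrustedXml(string $xml): DOMDocument
{
    // 1. Reject any DOCTYPE up front: a legitimate export does not need one,
    //    and without a DTD no internal or external entity can be declared.
    if (preg_match('/<!DOCTYPE/i', $xml) === 1) {
        throw new InvalidArgumentException('XML with a DOCTYPE is not accepted');
    }

    // 2. On PHP < 8.0 the libxml external entity loader is enabled by default;
    //    switch it off for the duration of the parse and restore it afterwards.
    //    (The function is deprecated on PHP >= 8.0, where the loader is already
    //    disabled, so it is only called on older runtimes.)
    $previousLoader = null;
    if (PHP_VERSION_ID < 80000) {
        $previousLoader = libxml_disable_entity_loader(true);
    }
    $previousErrors = libxml_use_internal_errors(true);

    try {
        $doc = new DOMDocument();
        // Deliberately NOT set: LIBXML_NOENT (would substitute entities) and
        // LIBXML_DTDLOAD (would fetch the external DTD subset).
        // LIBXML_NONET forbids any network access while parsing.
        $ok = $doc->loadXML($xml, LIBXML_NONET);
        if ($ok === false) {
            $err = libxml_get_last_error();
            $msg = $err !== false ? trim($err->message) : 'unknown error';
            throw new InvalidArgumentException('XML parse error: ' . $msg);
        }

        // 3. Defence in depth: if an encoding trick got a DOCTYPE past the
        //    textual check, the parsed document still exposes it here.
        if ($doc->doctype !== null) {
            throw new InvalidArgumentException('XML with a DOCTYPE is not accepted');
        }

        return $doc;
    } finally {
        libxml_clear_errors();
        libxml_use_internal_errors($previousErrors);
        if ($previousLoader !== null) {
            libxml_disable_entity_loader($previousLoader);
        }
    }
}

// Constructed sample inputs (not real Zabbix export files).
$clean = '<?xml version="1.0" encoding="UTF-8"?>'
       . '<zabbix_export><version>2.0</version></zabbix_export>';
$withDtd = '<?xml version="1.0" encoding="UTF-8"?>'
         . '<!DOCTYPE zabbix_export [<!ENTITY x "y">]>'
         . '<zabbix_export>&x;</zabbix_export>';

$doc = parseUntrustedXml($clean);
echo 'accepted root element: ', $doc->documentElement->tagName, PHP_EOL;

try {
    parseUntrustedXml($withDtd);
} catch (InvalidArgumentException $e) {
    echo 'rejected: ', $e->getMessage(), PHP_EOL;
}
```

Rejecting the DOCTYPE outright is simpler and safer than trying to whitelist "harmless" entity declarations, and checking `$doc->doctype` after parsing covers inputs in encodings the regular-expression check does not see. Operationally, a parse rejection on an import endpoint is also a useful signal to log: well-formed exports from Zabbix itself never contain a DTD.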
- Joomla! Core 3.x.x Remote File Inclusion (3.0.0 - 3.2.5)
- WordPress Plugin Spicy Blogroll Local File Include (1.0.0)
- WordPress Plugin jQuery Mega Menu Widget 'skin' Parameter Local File Include (1.0)
- WordPress Plugin myFlash Remote File Include (1.10)
- WordPress Plugin SlideDeck 2 Lite Responsive Content Slider Local/Remote File Inclusion (2.3.3)