The Zabbix frontend's XML data import feature parsed the uploaded XML on the server with PHP's DOMDocument. By default, DOMDocument also processes the external DTD, so a remote attacker could submit a crafted XML file that causes Zabbix to read an arbitrary local file and send its contents to a remote server (an XML external entity, XXE, issue).
Affected versions: 1.8.19, 1.8.20, 2.0.9, 2.0.10, 2.0.11rc2, 2.0.11, 2.2.2, 2.2.3rc1, 2.2.3rc2, 2.2.3
- Upgrade to the latest version of Zabbix (this issue was fixed in version 2.3.2).
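The following is an added example of the defensive pattern, not Zabbix's own code: an import loader that refuses any DOCTYPE and parses with the entity loader and network access disabled, so a DTD cannot pull in local files or reach a remote host. The function name and the sample inputs are constructed for illustration.

```php
<?php
// Hardened XML import loader (hypothetical helper, not Zabbix code).
// Returns the parsed document, or null when the input is rejected.
function safe_import_xml(string $xml): ?DOMDocument
{
    // An import file has no legitimate reason to carry a DOCTYPE at all.
    // Rejecting it removes both external and internal entity expansion.
    if (preg_match('/<!DOCTYPE/i', $xml)) {
        return null;
    }

    // On PHP < 8.0 the libxml entity loader is on by default; turn it off for
    // this parse and restore the previous state afterwards. PHP 8.0+ already
    // disables it and deprecates this function, hence the version guard.
    $prevLoader = null;
    if (PHP_VERSION_ID < 80000) {
        $prevLoader = libxml_disable_entity_loader(true);
    }
    $prevErrors = libxml_use_internal_errors(true);

    $doc = new DOMDocument();
    // LIBXML_NONET forbids any network access during parsing.
    // LIBXML_NOENT is deliberately NOT set, so entities are never substituted.
    $ok = $doc->loadXML($xml, LIBXML_NONET);

    libxml_clear_errors();
    libxml_use_internal_errors($prevErrors);
    if ($prevLoader !== null) {
        libxml_disable_entity_loader($prevLoader);
    }
    return $ok ? $doc : null;
}

// Constructed sample inputs: a plain export document, and one that declares
// a (harmless, internal-only) DTD, which the loader must still reject.
$benign  = '<?xml version="1.0"?><zabbix_export><version>2.0</version></zabbix_export>';
$withDtd = '<?xml version="1.0"?><!DOCTYPE zabbix_export [<!ENTITY x "y">]>'
         . '<zabbix_export>&x;</zabbix_export>';

var_dump(safe_import_xml($benign) instanceof DOMDocument);
var_dump(safe_import_xml($withDtd) === null);
```

The DOCTYPE pre-check is the cheap, version-independent control; the libxml flags are defence in depth for code paths that cannot reject DTDs outright.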