Description
The Zabbix frontend provides an XML data import feature; on the server, the uploaded XML is parsed with DOMDocument. By default, DOMDocument also parses the external DTD, which could allow a remote attacker to supply a crafted XML file that causes Zabbix to read an arbitrary local file and send the contents of that file to a remote server.
Affected versions: 1.8.19, 1.8.20, 2.0.9, 2.0.10, 2.0.11rc2, 2.0.11, 2.2.2, 2.2.3rc1, 2.2.3rc2, 2.2.3
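The parsing pattern described above beside a hardened form, as an added example that is not Zabbix's own code: import files never need a DTD, so the importer refuses any DOCTYPE before libxml sees the document, and parses without entity substitution or external-subset loading. The function name, the `$sample` document and PHP 7 or later are assumptions.

```php
<?php
// Added example, not Zabbix's own code: hardened import-file parsing for a
// PHP front end that uses DOMDocument. Function and sample names are hypothetical.
// The vulnerable pattern is a plain `$doc->loadXML($upload)` under older PHP/libxml
// defaults (or with LIBXML_NOENT), which honours a DOCTYPE's external DTD/entities.
function parseImportXmlSafely(string $xml): DOMDocument
{
    // 1. An import file never needs a DTD: refuse any DOCTYPE up front.
    //    Blunt on purpose; a DOCTYPE inside a comment is rejected as well.
    if (preg_match('/<!DOCTYPE/i', $xml) === 1) {
        throw new InvalidArgumentException('DOCTYPE is not allowed in import files');
    }
    // 2. PHP < 8.0: switch off libxml's external entity loader process-wide
    //    while parsing (PHP 8 disables it by default and deprecates this call).
    $loaderWasDisabled = null;
    if (PHP_VERSION_ID < 80000) {
        $loaderWasDisabled = libxml_disable_entity_loader(true);
    }
    $useInternal = libxml_use_internal_errors(true); // errors instead of warnings
    try {
        $doc = new DOMDocument();
        // 3. No LIBXML_NOENT (no entity substitution), no LIBXML_DTDLOAD
        //    (no external subset); LIBXML_NONET blocks any network fetch.
        if ($doc->loadXML($xml, LIBXML_NONET) === false) {
            $first = libxml_get_errors()[0] ?? null;
            $msg = $first ? trim($first->message) : 'unknown parse error';
            throw new RuntimeException('Invalid import XML: ' . $msg);
        }
        return $doc;
    } finally {
        libxml_clear_errors();
        libxml_use_internal_errors($useInternal);
        if ($loaderWasDisabled !== null) {
            libxml_disable_entity_loader($loaderWasDisabled);
        }
    }
}

// Constructed sample: an import file that points at an external DTD.
$sample = "<?xml version=\"1.0\"?>\n"
    . "<!DOCTYPE zabbix_export SYSTEM \"http://dtd.example.invalid/export.dtd\">\n"
    . "<zabbix_export version=\"2.0\"/>";
try {
    parseImportXmlSafely($sample);
} catch (InvalidArgumentException $e) {
    echo 'Import rejected: ', $e->getMessage(), PHP_EOL;
}
```

The DOCTYPE check is the layer that matters most: the libxml flags and loader switch only limit what a DTD can do, while rejecting the DTD removes the attack surface entirely.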
Remediation
Upgrade to the latest version of Zabbix (this issue was fixed in version 2.3.2).