VDB

GCVE-110-MAGEIA-2014-433

GCVE-110-MAGEIA-2014-433
Advisory Published
Vulnetix · Advisory published October 29, 2014
It was reported that the Zabbix frontend supported an XML data import feature, where on the server it used DOMDocument to parse the XML. By default, DOMDocument also parses the external DTD, which could allow a remote attacker to use a crafted XML file causing Zabbix to read an arbitrary local file, and send the contents of the specified file to a remote server (CVE-2014-3005).

Affected Products

VendorProductVersionsPlatforms
Mageiazabbix0 (affected), 2.0.13-1.mga4 (unaffected)
Mageiazabbix0 (affected), 2.0.13-1.mga3 (unaffected)

Browse GCVE Records

73,053 records in the GCVE database · Updated July 16, 2026

No matching records found.

Explore Further

Investigate this vulnerability in the interactive console or download the raw GCVE record.

$ Console Community · 100/wk Open console ›