cpe:/a:zabbix:zabbix:1.8.3 cpe:/a:zabbix:zabbix:1.8.4 CVE-2011-4674 2011-12-02T13:55:02.967-05:00 2017-08-28T21:30:32.257-04:00 7.5 NETWORK LOW NONE PARTIAL PARTIAL PARTIAL http://nvd.nist.gov 2011-12-05T10:32:00.000-05:00 EXPLOIT-DB 18155 BID 50803 CONFIRM https://support.zabbix.com/browse/ZBX-4385 XF zabbix-popup-sql-injection(71479) SQL injection vulnerability in popup.php in Zabbix 1.8.3 and 1.8.4, and possibly other versions before 1.8.9, allows remote attackers to execute arbitrary SQL commands via the only_hostid parameter.