Zabbix · Zabbix · CVE-2012-3435
**Name of the Vulnerable Software and Affected Versions**
Zabbix versions 1.8.15rc1 and earlier
Zabbix versions 2.x before 2.0.2rc1
**Description**
The issue allows remote attackers to execute arbitrary SQL commands. This is achieved via the `itemid` parameter in the `/frontends/php/popup_bitem.php` endpoint.
**Recommendations**
For Zabbix versions 1.8.15rc1 and earlier, update to a version later than 1.8.15rc1.
For Zabbix versions 2.x before 2.0.2rc1, update to version 2.0.2rc1 or later.
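To review whether an installation was probed before it was updated, the following Python script (an added example, not part of the original advisory or of Zabbix's code) scans web server access logs for requests to `popup_bitem.php` whose `itemid` value is not a plain decimal ID. It assumes the Apache/nginx combined log format and that legitimate `itemid` values are numeric; the sample log lines, IP addresses and URL prefix are constructed.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Assumption: Apache/nginx "combined" access log format.
REQUEST_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3})'
)
SCRIPT = "/popup_bitem.php"
# Assumption: a legitimate itemid is a plain decimal identifier.
NUMERIC_ID = re.compile(r"[0-9]{1,20}")


def suspicious_itemid_requests(lines):
    """Return (ip, timestamp, decoded itemid) for popup_bitem.php requests
    whose itemid is not a plain decimal ID. Only values in the request
    line are visible here; POST bodies are not written to access logs."""
    hits = []
    for line in lines:
        m = REQUEST_RE.match(line)
        if not m:
            continue  # not a parseable request line
        url = urlsplit(m.group("target"))
        if not url.path.lower().endswith(SCRIPT):
            continue
        # parse_qsl percent-decodes, so encoded quotes and spaces are seen.
        for key, value in parse_qsl(url.query, keep_blank_values=True):
            name = key.split("[", 1)[0]  # PHP array form: itemid[]=...
            if name == "itemid" and not NUMERIC_ID.fullmatch(value):
                hits.append((m.group("ip"), m.group("ts"), value))
    return hits


# Constructed sample lines (documentation IP ranges, made-up URL prefix).
SAMPLE_LOG = [
    '192.0.2.10 - - [10/Aug/2012:10:01:02 +0000] "GET /zabbix/popup_bitem.php?itemid=23296 HTTP/1.1" 200 5120 "-" "-"',
    '198.51.100.7 - - [10/Aug/2012:10:03:44 +0000] "GET /zabbix/popup_bitem.php?itemid=23296%27 HTTP/1.1" 200 812 "-" "-"',
    '198.51.100.7 - - [10/Aug/2012:10:03:51 +0000] "GET /zabbix/popup_bitem.php?itemid%5B%5D=abc HTTP/1.1" 200 812 "-" "-"',
    '192.0.2.10 - - [10/Aug/2012:10:05:00 +0000] "GET /zabbix/items.php?itemid=abc HTTP/1.1" 200 100 "-" "-"',
]

if __name__ == "__main__":
    for ip, ts, value in suspicious_itemid_requests(SAMPLE_LOG):
        print(f"{ts} {ip} itemid={value!r}")
```

A hit shows that a non-numeric value was sent to the endpoint, not that the request succeeded; correlate it with the installed Zabbix version and database logs.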