Zabbix · Zabbix · CVE-2011-4674
**Name of the Vulnerable Software and Affected Versions**
Zabbix versions 1.8.3 through 1.8.4 and possibly other versions prior to 1.8.9
**Description**
The issue allows remote attackers to execute arbitrary SQL commands. This is achieved via the `only hostid` parameter in the popup.php file.
**Recommendations**
For versions 1.8.3 and 1.8.4, and possibly other versions prior to 1.8.9, avoid using the `only hostid` parameter in the popup.php file until the issue is resolved. Consider restricting access to the popup.php file to minimize the risk of exploitation.