Zabbix · Zabbix · CVE-2013-1364
**Name of the Vulnerable Software and Affected Versions**
Zabbix versions prior to 1.8.16
Zabbix versions 2.x prior to 2.0.5rc1
**Description**
The issue allows remote attackers to override LDAP configuration. This is achieved through the `cnf` parameter in the `user.login` function.
**Recommendations**
For Zabbix versions prior to 1.8.16, update to version 1.8.16 or later.
For Zabbix versions 2.x prior to 2.0.5rc1, update to version 2.0.5rc1 or later.