Multiple SQL injection flaws were reported [1] in Zabbix. These could allow a malicious remote user to gain access to the database and execute arbitrary SQL statements. This has been corrected in current versions of Fedora (2.0.8-3) and EPEL (zabbix20-2.0.8-3 and zabbix-1.8.17-3 for EPEL5). [1] http://seclists.org/bugtraq/2013/Oct/24 External References: https://support.zabbix.com/browse/ZBX-7091
As this has been corrected in Fedora and EPEL already, closing the bug.