Zabbix server can perform command execution for configured scripts. After a command is executed, an audit entry is added to the "Audit Log". Because the "clientip" field is not sanitized, it is possible to inject SQL into "clientip" and exploit a time-based blind SQL injection.

https://support.zabbix.com/browse/ZBX-24505
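
The flaw class described above, as an added example that is not Zabbix code and not part of the original report: an audit-log insert that splices a client-supplied address into the SQL text, next to a version that validates the value as an IP literal and binds it as a parameter. The table layout, function names and sample values are assumptions constructed for illustration.

```python
import ipaddress
import sqlite3

# Hypothetical, simplified audit table (not the Zabbix schema).
SCHEMA = "CREATE TABLE auditlog (clientip TEXT, action TEXT)"
SELECT = "SELECT clientip, action FROM auditlog"


def log_unsafe(db, clientip, action):
    # Vulnerable pattern: the client-supplied value becomes part of the SQL text.
    db.execute(
        f"INSERT INTO auditlog (clientip, action) VALUES ('{clientip}', '{action}')"
    )


def log_safe(db, clientip, action):
    # Validate first: anything that is not an IPv4/IPv6 literal raises ValueError.
    ip = ipaddress.ip_address(clientip)
    # Bind parameters so the value is never parsed as SQL.
    db.execute(
        "INSERT INTO auditlog (clientip, action) VALUES (?, ?)", (str(ip), action)
    )


def demo():
    # Constructed input: the quote closes the string literal, so the rest of
    # the value is parsed as SQL and replaces the real audit action.
    crafted = "10.0.0.5', 'forged') --"
    db = sqlite3.connect(":memory:")
    db.execute(SCHEMA)

    log_unsafe(db, crafted, "script executed")
    unsafe_rows = db.execute(SELECT).fetchall()
    db.execute("DELETE FROM auditlog")

    try:
        log_safe(db, crafted, "script executed")
        rejected = False
    except ValueError:
        rejected = True

    log_safe(db, "10.0.0.5", "script executed")
    safe_rows = db.execute(SELECT).fetchall()
    return unsafe_rows, rejected, safe_rows


if __name__ == "__main__":
    print(demo())
```
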
Created zabbix tracking bugs for this issue:

Affects: epel-all [bug 2281601]
Affects: fedora-all [bug 2281600]

Created zabbix40 tracking bugs for this issue:

Affects: epel-all [bug 2281602]

Created zabbix50 tracking bugs for this issue:

Affects: epel-7 [bug 2281603]