ZABBIX allows an administrator to create scripts that will be run on hosts. An authenticated attacker can create a script containing a payload, then a host with an IP of 127.0.0.1 and run the arbitrary script on the ZABBIX host. This Metasploit module was tested against Zabbix version 2.0.9.
337aba7aa6c0548a701c9d962e9e56e4ac6edce3bbb5c5f7b68fef1361fd8f09