CVE-2023-32728

The Zabbix Agent 2 item key smart.disk.get does not sanitize its parameters before passing them to a shell command resulting possible vulnerability for remote code execution.

Credits

This vulnerability is reported in HackerOne bounty hunter platform by Philippe Antoine (catenacyber)

References