
    • Type: Patch request
    • Resolution: Declined
    • Priority: Trivial
    • Component: Appliance

      Hello,

      In the scripts menu on the administration page, the app hasn't got any filter at all.

      It's possible for a user with sufficient rights to make the Zabbix app act like a C&C and get a shell on any host he wants. That's not very secure.

      I found many Zabbix servers with the nmap binary accessible via sudo without a password for the zabbix user. The result: a reverse shell launched by the script from the app on the host, and a privilege escalation through the common exploitation of nmap with a crafted NSE script launched as root (sudo) to get a root shell on the instance.

            zalex_ua (Oleksii Zagorskyi), ArianeBlow
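A defender-side check for the sudo misconfiguration the report describes, added here as an example; it is not part of this issue and not Zabbix code. It parses sudoers-style user specifications and flags NOPASSWD grants to the zabbix service account for binaries that can spawn further processes (nmap is the one named in the report; the rest of the list is an assumed set for illustration). The sample rules are constructed for the demonstration; on a real host you would feed it the contents of /etc/sudoers and /etc/sudoers.d/* instead.

```python
"""Audit sudoers-style rules for passwordless root commands granted to a service account.

Added example (not part of the Zabbix issue or of Zabbix itself). The sample
rules at the bottom are constructed; read /etc/sudoers and /etc/sudoers.d/* on a real host.
"""
import re
from dataclasses import dataclass

# Binaries that, once runnable as root, let the caller start arbitrary processes.
# nmap is named in the report; the other entries are assumed additions for illustration.
SHELL_CAPABLE = {"nmap", "bash", "sh", "python", "python3", "perl", "vi", "vim", "less", "find", "awk"}

# Tags sudoers allows in front of a command list; only NOPASSWD matters for this check.
TAG_RE = re.compile(r"^(NOPASSWD|PASSWD|NOEXEC|EXEC|SETENV|NOSETENV):\s*")

# user  hosts=(runas) [TAG:] command[, command...]
RULE_RE = re.compile(
    r"^(?P<user>\S+)\s+(?P<hosts>[^\s=]+)\s*=\s*(?:\((?P<runas>[^)]*)\))?\s*(?P<rest>.*)$"
)


@dataclass(frozen=True)
class SudoRule:
    user: str
    runas: str          # the user part of the (runas:group) spec, "root" when omitted
    nopasswd: bool
    commands: tuple


def parse_sudoers(text):
    """Parse the user-specification subset of sudoers syntax.

    Comments, blank lines and Defaults lines are skipped. Tags are taken from the
    start of the command list and applied to every command on that line.
    """
    rules = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line or line.startswith("Defaults"):
            continue
        m = RULE_RE.match(line)
        if not m:
            continue
        rest = m.group("rest")
        tags = set()
        while True:
            tag_m = TAG_RE.match(rest)
            if not tag_m:
                break
            tags.add(tag_m.group(1))
            rest = rest[tag_m.end():]
        commands = tuple(c.strip() for c in rest.split(",") if c.strip())
        runas = (m.group("runas") or "root").split(":")[0].strip()
        rules.append(SudoRule(m.group("user"), runas, "NOPASSWD" in tags, commands))
    return rules


def risky_grants(rules, account="zabbix"):
    """Return (user, command) pairs where `account` may run a shell-capable command
    (or ALL) as root without a password."""
    findings = []
    for rule in rules:
        if rule.user != account or not rule.nopasswd or rule.runas not in ("root", "ALL"):
            continue
        for cmd in rule.commands:
            if cmd == "ALL":
                findings.append((rule.user, cmd))
                continue
            binary = cmd.split()[0].rsplit("/", 1)[-1]
            if binary in SHELL_CAPABLE:
                findings.append((rule.user, cmd))
    return findings


# Constructed sample, not a real host's sudoers file.
SAMPLE_SUDOERS = """\
Defaults env_reset
root    ALL=(ALL:ALL) ALL
zabbix  ALL=(root) NOPASSWD: /usr/bin/nmap
zabbix  ALL=(root) NOPASSWD: /usr/bin/fping, /usr/bin/ping
backup  ALL=(root) NOPASSWD: /usr/bin/rsync
"""

if __name__ == "__main__":
    for user, cmd in risky_grants(parse_sudoers(SAMPLE_SUDOERS)):
        print(f"passwordless root execution for {user}: {cmd}")
```

The fping/ping line passes the check because neither binary can launch another program, which is the shape a monitoring account's sudo grant should have; the nmap line is reported, and a bare `NOPASSWD: ALL` for the same account is reported as well.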