> > [Vulnerability Type] Cross Site Request Forgery (CSRF)
> >
> > ------------------------------------------
> >
> > [Vendor of Product] Zabbix
> >
> > ------------------------------------------
> >
> > [Affected Product Code Base] Zabbix - 5.0.2
> >
> > ------------------------------------------
> >
> > [Affected Component] Ccontroller.php, Clink.php, Cform.php, CpageHeader.php
> >
> > ------------------------------------------
> >
> > [Attack Type] Remote
> >
> > ------------------------------------------
> >
> > [Attack Vectors] An attacker can use one CSRF token and send requests on
> > the user's behalf, and the token will be valid in every request.
> >
> > ------------------------------------------
> >
> > [Discoverer] Ahmad Almorabea
> >
> > ------------------------------------------
> >
> > [Reference]
> > http://almorabea.net/cves/zabbix.txt