CVE 2013-6824
Zabbix before 1.8.19rc1, 2.0 before 2.0.10rc1, and 2.2 before 2.2.1rc1 allows remote Zabbix servers and proxies to execute arbitrary commands via a newline in a flexible user parameter.
See the 
CVE page on Mitre.org
for more details.
