Overview
- Description
- A non-admin user account on the Zabbix frontend with the default User role, or with any other role that gives API access, can exploit this vulnerability. An SQLi exists in the CUser class in the addRelatedObjects function; this function is called from the CUser.get function, which is available to every user who has API access.
- Source
- security@zabbix.com
- NVD status
- Received
Risk scores
CVSS 3.1
- Type
- Secondary
- Base score
- 9.9
- Impact score
- 6
- Exploitability score
- 3.1
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
- Severity
- CRITICAL
Weaknesses
- security@zabbix.com
- CWE-89
Social media
Hype score is a measure of social media activity compared against trending CVEs from the past 12 months. Max score 100.
- Hype score
6
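SQL injection vulnerability (SQLi) in the Zabbix frontend: CVE-2024-42327, CVSS 9.9 Critical. An attacker can inject malicious SQL queries through the addRelatedObjects function in the CUser class. The attack is possible even from low-privileged accounts (such as the default User role). https://t.co/IfZWWb2oIb https://t.co/fjLoOQyWi4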
@t_nihonmatsu
4 Dec 2024
11 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
PoC Exploit Releases for Critical Zabbix Vulnerability – CVE-2024-42327 (CVSS 9.9) https://t.co/foSyrL5ewS
@Dinosn
4 Dec 2024
1891 Impressions
10 Retweets
28 Likes
6 Bookmarks
0 Replies
0 Quotes
PoC Exploit Releases for Critical Zabbix Vulnerability - CVE-2024-42327 (CVSS 9.9) Security researcher Alejandro Ramos has published a detailed technical analysis and proof-of-concept (PoC) exploit code for CVE-2024-42327 https://t.co/DxbTDLdrA9
@the_yellow_fall
4 Dec 2024
1248 Impressions
13 Retweets
25 Likes
8 Bookmarks
0 Replies
0 Quotes
GitHub - compr00t/CVE-2024-42327: PoC for CVE-2024-42327 / ZBX-25623 - https://t.co/MyBWurgkCc
@piedpiper1616
3 Dec 2024
1025 Impressions
6 Retweets
12 Likes
5 Bookmarks
0 Replies
0 Quotes
CVE-2024-42327 alert 🚨 Zabbix : SQL injection Anyone with an API access can exploit this vulnerability: An SQLi exists in the CUser class in the addRelatedObjects function, which is called from the CUser.get function. Find out more : https://t.co/k32SiEOp5x #SQL #Zabbix
@Patrowl_io
3 Dec 2024
13 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
⚠️⚠️ CVE-2024-42327 (CVSS 9.9): Critical SQL Injection Vulnerability Found in Zabbix 🎯84k+ Results are found on the https://t.co/pb16tGYaKe nearly year. 🔗FOFA Link:https://t.co/nDXlleoDsf FOFA Query:app="ZABBIX-Monitoring" 🔖Refer: https://t.co/8mv6VaNv76 #OSINT #FOFA… htt
@fofabot
3 Dec 2024
1416 Impressions
11 Retweets
21 Likes
4 Bookmarks
0 Replies
0 Quotes
CVE-2024-42327 (CVSS 9.9): Critical SQL Injection Vulnerability Found in Zabbix Query" HUNTER:/product.name="Zabbix" SHODAN: http.component:"Zabbix" FOFA: app="ZABBIX-Monitoring"
@d4rk_c0r3
3 Dec 2024
58 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨Alert🚨CVE-2024-42327 (CVSS 9.9): Critical SQL Injection Vulnerability Found in Zabbix 📊 143K+ Services are found on https://t.co/ysWb28BTvF nearly year. 🔗Hunter Link:https://t.co/adWkCns9i7 👇Search Query HUNTER:/product.name="Zabbix" SHODAN: http.component:"Zabbix" FOFA:… h
@HunterMapping
3 Dec 2024
8325 Impressions
42 Retweets
116 Likes
52 Bookmarks
5 Replies
0 Quotes
Zabbix Server Critical SQL Injection Vulnerability (CVE-2024-42327) – Qualys ThreatPROTECT #informationsecurity #cybersecurity https://t.co/lhlfl93BE3
@JeffEnglander
2 Dec 2024
8 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
ZABBIX SQL injection in user.get API (CVE-2024-42327 CVSS 9.9) https://t.co/k4dTebCVJi
@S0ufi4n3
1 Dec 2024
459 Impressions
1 Retweet
2 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨 Critical SQL Injection Vulnerability in Zabbix Zabbix's SQL injection vulnerability (CVE-2024-42327) poses a severe risk with a CVSS score of 9.9. Affects versions 6.0.0–6.0.31, 6.4.0–6.4.16, 7.0.0. Exploitable by non-admin accounts with API access.#CyberSecurity #SQLi
@firexcore
1 Dec 2024
30 Impressions
0 Retweets
2 Likes
0 Bookmarks
1 Reply
0 Quotes
CVE-2024-42327 @zabbix A non-admin user account on the Zabbix frontend with the default User role, or with any other role that gives API access can exploit this vulnerability. An SQLi exists in the CUser class in the addRelatedObjects function, this function is being called from…
@d0znpp
30 Nov 2024
482 Impressions
0 Retweets
2 Likes
1 Bookmark
0 Replies
0 Quotes
Zabbix tool affected by CVE-2024-42327 #ZABBIX #CVE-2024-42327 #Sqlinjection https://t.co/EBfNNckDf9
@pravin_karthik
30 Nov 2024
21 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨Critical SQL injection vulnerability in the API of ➡️ Zabbix ⚠️ CVE-2024-42327 https://t.co/4YKIODy79o https://t.co/qB7W7BNfbd
@elhackernet
29 Nov 2024
6909 Impressions
31 Retweets
100 Likes
24 Bookmarks
0 Replies
0 Quotes
Watch out for the "critical SQL injection" in Zabbix. CVE-2024-42327 Fortunately, exploitation requires having a user account (any) in Zabbix https://t.co/6BQQaw2rSM
@Sekurak
29 Nov 2024
2931 Impressions
6 Retweets
32 Likes
6 Bookmarks
0 Replies
0 Quotes
[Urgent] Zabbix vulnerability information: CVE-2024-42327 (CVSS 9.9) https://t.co/JV4FglcwWP
@yousukezan
29 Nov 2024
1386 Impressions
6 Retweets
15 Likes
3 Bookmarks
0 Replies
0 Quotes
A critical-severity vulnerability with a score of 9.9, identified as CVE-2024-42327, has been fixed in #Zabbix. The vulnerability is of the #SQLi type and allows an attacker to escalate privileges and take control of Zabbix. The vulnerability is in the user.get API endpoint. https://t.co/pk9CcmkxdS
@onhexgroup
28 Nov 2024
8 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
CVE-2024-42327: SQL Injection in Zabbix, 9.9 rating 🔥 The discovered vulnerability allows any Zabbix user to perform Privilege Escalation via SQL injection. Search at https://t.co/hv7QKSqxTR: 👉 Link: https://t.co/LSM2JnwACB #cybersecurity #vulnerability_map #zabbix https://t
@Netlas_io
28 Nov 2024
3569 Impressions
14 Retweets
57 Likes
20 Bookmarks
0 Replies
1 Quote
CVSS 9.9!! For now, I have denied the user.get API in the user role. Zabbix SQL injection in user.get API (CVE-2024-42327) https://t.co/X5Ysztndzp
@miyahancom
28 Nov 2024
1279 Impressions
1 Retweet
5 Likes
4 Bookmarks
1 Reply
0 Quotes
CVE-2024-42327 (CVSS 9.9): Critical SQL Injection Vulnerability Found in Zabbix https://t.co/TTJUIF7XQk
@Dinosn
28 Nov 2024
7713 Impressions
50 Retweets
158 Likes
35 Bookmarks
0 Replies
0 Quotes
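Critical vulnerability in Zabbix (an IT infrastructure monitoring product). CVE-2024-42327 is an SQL injection in the user.get API endpoint with a CVSS score of 9.9. Exploitation requires regular-user access rights or higher. Fixed versions are available. https://t.co/Ze9GqVCyET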
@__kokumoto
28 Nov 2024
10396 Impressions
53 Retweets
123 Likes
48 Bookmarks
1 Reply
1 Quote
CVE-2024-42327 (CVSS 9.9): Critical SQL Injection Vulnerability Found in Zabbix Learn about the critical SQL injection flaw in #Zabbix and its potential impact on monitoring data and system security. https://t.co/RT276nBYA3
@the_yellow_fall
28 Nov 2024
265 Impressions
0 Retweets
4 Likes
3 Bookmarks
0 Replies
0 Quotes
[CVE-2024-42327: CRITICAL] Zabbix frontend vulnerability alert: Non-admin user accounts with API access can exploit SQLi in CUser class, potentially breaching security. Take precautions! #cybersecurity#cybersecurity,#vulnerability https://t.co/aDNGGZmbk7 https://t.co/hWc2isCOLY
@CveFindCom
27 Nov 2024
53 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CVE-2024-42327 A non-admin user account on the Zabbix frontend with the default User role, or with any other role that gives API access can exploit this vulnerability. An SQLi exist… https://t.co/c0fCnISAlx
@CVEnew
27 Nov 2024
397 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes