- Description
- A non-admin user account on the Zabbix frontend with the default User role, or with any other role that gives API access, can exploit this vulnerability. An SQLi exists in the addRelatedObjects function of the CUser class; this function is called from the CUser.get function, which is available to every user who has API access.
- Source
- security@zabbix.com
- NVD status
- Received
CVSS 3.1
- Type
- Secondary
- Base score
- 9.9
- Impact score
- 6
- Exploitability score
- 3.1
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
- Severity
- CRITICAL
- security@zabbix.com
- CWE-89
- Hype score
- Not currently trending
#exploit 1. CVE-2024-12425, CVE-2024-12426: LibreOffice Path Traversal https://t.co/6gInUfeAFA 2. CVE-2024-36412: Using XSS filters against XSS filters - Unexpected SQLI/RCE https://t.co/xh9NiHmgqa 3. CVE-2024-42327: Zabbix Privilege Escalation -> RCE https://t.co/jQT6L9XMLy
@ksg93rd
17 Feb 2025
45 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Zabbix CVE-2024-42327 PoC https://t.co/elskVCkVob
@wy88215534
5 Jan 2025
46 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Zabbix-CVE-2024-42327 RCE PoC SQL injection vulnerability of Zabbix server https://t.co/IJqh8Hs5m5… #ciberseguridad #hacking #FelizSabado #2025YearOfImranKhan https://t.co/g2UTNNEmbx
@doncaptador
4 Jan 2025
51 Impressions
0 Retweets
0 Likes
1 Bookmark
0 Replies
0 Quotes
NSFOCUS CERT detects Zabbix security leak CVE-2024-42327 : Announcement and fix for Zabbix server SQL injection vulnerability. https://t.co/fsxLNWuJKl https://t.co/l116DwO3Vl
@freedomhack101
4 Jan 2025
33 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
Zabbix-CVE-2024-42327 RCE PoC SQL injection vulnerability of Zabbix server https://t.co/kkFDTCp0lI https://t.co/zqrLD3J2RV
@elhackernet
4 Jan 2025
7162 Impressions
45 Retweets
170 Likes
64 Bookmarks
1 Reply
0 Quotes
A critical vulnerability (CVE-2024-42327) has been discovered in “Zabbix”. #ETX #certaz #cybersecurity #kibertəhlükəsizlik #xəbərdarlıq https://t.co/FDgoyKk3G0
@CERTAzerbaijan
20 Dec 2024
35 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Zabbix vulnerability CVE-2024-42327 (CVSS: 9.9): PoC exploit appears https://t.co/hYiNvyJhMg The first report on this Zabbix vulnerability was the 2024/11/27 post "Zabbix SQLi vulnerability CVE-2024-42327 (CVSS 9.9) fixed: patch immediately!". And within just a few days, a PoC… https://t.co/8qitVviFOQ
@iototsecnews
11 Dec 2024
122 Impressions
2 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
🔴 Security Alert: A critical vulnerability has been detected in Zabbix (CVE-2024-42327) that could compromise data integrity through SQL injection. 🚨 It is time to take action: review, update and protect your systems. Cybersecurity does not wait.… https:/
@tpx_Security
6 Dec 2024
132 Impressions
1 Retweet
2 Likes
1 Bookmark
0 Replies
0 Quotes
GitHub - aramosf/cve-2024-42327: cve-2024-42327 ZBX-25623 https://t.co/Be3GCsqvkA
@akaclandestine
6 Dec 2024
530 Impressions
0 Retweets
4 Likes
2 Bookmarks
0 Replies
0 Quotes
Critical vulnerability found in Zabbix. Zabbix is a popular open-source network monitoring software that is also suitable for use in enterprise environments. Zabbix monitoring bug vulnerability CVE CVE-2024-42327 CVE-2024-36462 https://t.co/EXrBNYbea5
@linuxmint_hun
5 Dec 2024
4 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
GitHub - compr00t/CVE-2024-42327: PoC for CVE-2024-42327 / ZBX-25623 https://t.co/doZdtl0yfr
@akaclandestine
5 Dec 2024
686 Impressions
1 Retweet
3 Likes
2 Bookmarks
0 Replies
0 Quotes
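SQL injection vulnerability (SQLi) in the Zabbix frontend CVE-2024-42327 CVSS 9.9 Critical An attacker can inject malicious SQL queries through the addRelatedObjects function in the CUser class. Even low-privileged accounts (such as the default User role) can carry out the attack. https://t.co/IfZWWb2oIb https://t.co/fjLoOQyWi4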
@t_nihonmatsu
4 Dec 2024
216 Impressions
0 Retweets
1 Like
1 Bookmark
0 Replies
0 Quotes
Zabbix server is vulnerable to a critical severity flaw tracked as CVE-2024-42327. The vulnerability has a CVSS score of 9.9. Successful exploitation of the vulnerability may allow attackers to escalate privileges and gain complete control of vulnerable Zabbix servers. Márk… http
@glinkinivan
4 Dec 2024
78 Impressions
1 Retweet
2 Likes
0 Bookmarks
0 Replies
0 Quotes
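A PoC (proof-of-concept attack code) has been published for the Zabbix vulnerability CVE-2024-42327 (CVSS score 9.9). It is a vulnerability in the addRelatedObjects function of the CUser class, which is called from the CUser.get method in the Zabbix frontend, and is an SQL injection that non-admin users can exploit. https://t.co/FpOhaYC7IP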
@__kokumoto
4 Dec 2024
4765 Impressions
15 Retweets
59 Likes
19 Bookmarks
1 Reply
1 Quote
PoC Exploit Releases for Critical Zabbix Vulnerability – CVE-2024-42327 (CVSS 9.9) https://t.co/foSyrL5ewS
@Dinosn
4 Dec 2024
2252 Impressions
11 Retweets
36 Likes
8 Bookmarks
0 Replies
0 Quotes
PoC Exploit Releases for Critical Zabbix Vulnerability - CVE-2024-42327 (CVSS 9.9) Security researcher Alejandro Ramos has published a detailed technical analysis and proof-of-concept (PoC) exploit code for CVE-2024-42327 https://t.co/DxbTDLdrA9
@the_yellow_fall
4 Dec 2024
1464 Impressions
18 Retweets
28 Likes
8 Bookmarks
0 Replies
0 Quotes
GitHub - compr00t/CVE-2024-42327: PoC for CVE-2024-42327 / ZBX-25623 - https://t.co/MyBWurgkCc
@piedpiper1616
3 Dec 2024
1128 Impressions
7 Retweets
15 Likes
5 Bookmarks
0 Replies
0 Quotes
CVE-2024-42327 alert 🚨 Zabbix : SQL injection Anyone with an API access can exploit this vulnerability: An SQLi exists in the CUser class in the addRelatedObjects function, which is called from the CUser.get function. Find out more : https://t.co/k32SiEOp5x #SQL #Zabbix
@Patrowl_io
3 Dec 2024
13 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
⚠️⚠️ CVE-2024-42327 (CVSS 9.9): Critical SQL Injection Vulnerability Found in Zabbix 🎯84k+ Results are found on the https://t.co/pb16tGYaKe nearly year. 🔗FOFA Link:https://t.co/nDXlleoDsf FOFA Query:app="ZABBIX-Monitoring" 🔖Refer: https://t.co/8mv6VaNv76 #OSINT #FOFA… htt
@fofabot
3 Dec 2024
1416 Impressions
11 Retweets
21 Likes
4 Bookmarks
0 Replies
0 Quotes
CVE-2024-42327 (CVSS 9.9): Critical SQL Injection Vulnerability Found in Zabbix Query" HUNTER:/product.name="Zabbix" SHODAN: http.component:"Zabbix" FOFA: app="ZABBIX-Monitoring"
@d4rk_c0r3
3 Dec 2024
58 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨Alert🚨CVE-2024-42327 (CVSS 9.9): Critical SQL Injection Vulnerability Found in Zabbix 📊 143K+ Services are found on https://t.co/ysWb28BTvF nearly year. 🔗Hunter Link:https://t.co/adWkCns9i7 👇Search Query HUNTER:/product.name="Zabbix" SHODAN: http.component:"Zabbix" FOFA:… h
@HunterMapping
3 Dec 2024
8325 Impressions
42 Retweets
116 Likes
52 Bookmarks
5 Replies
0 Quotes
Zabbix Server Critical SQL Injection Vulnerability (CVE-2024-42327) – Qualys ThreatPROTECT #informationsecurity #cybersecurity https://t.co/lhlfl93BE3
@JeffEnglander
2 Dec 2024
8 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
ZABBIX SQL injection in user.get API (CVE-2024-42327 CVSS 9.9) https://t.co/k4dTebCVJi
@S0ufi4n3
1 Dec 2024
459 Impressions
1 Retweet
2 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨 Critical SQL Injection Vulnerability in Zabbix Zabbix's SQL injection vulnerability (CVE-2024-42327) poses a severe risk with a CVSS score of 9.9. Affects versions 6.0.0–6.0.31, 6.4.0–6.4.16, 7.0.0. Exploitable by non-admin accounts with API access.#CyberSecurity #SQLi
@firexcore
1 Dec 2024
30 Impressions
0 Retweets
2 Likes
0 Bookmarks
1 Reply
0 Quotes
CVE-2024-42327 @zabbix A non-admin user account on the Zabbix frontend with the default User role, or with any other role that gives API access can exploit this vulnerability. An SQLi exists in the CUser class in the addRelatedObjects function, this function is being called from…
@d0znpp
30 Nov 2024
482 Impressions
0 Retweets
2 Likes
1 Bookmark
0 Replies
0 Quotes
Zabbix tool affected by CVE-2024-42327 #ZABBIX #CVE-2024-42327 #Sqlinjection https://t.co/EBfNNckDf9
@pravin_karthik
30 Nov 2024
21 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨Critical SQL injection vulnerability in the API of ➡️ Zabbix ⚠️ CVE-2024-42327 https://t.co/4YKIODy79o https://t.co/qB7W7BNfbd
@elhackernet
29 Nov 2024
6909 Impressions
31 Retweets
100 Likes
24 Bookmarks
0 Replies
0 Quotes
Watch out for the "critical SQL injection" in Zabbix. CVE-2024-42327 Fortunately, exploitation requires having a user account (any) in Zabbix https://t.co/6BQQaw2rSM
@Sekurak
29 Nov 2024
2931 Impressions
6 Retweets
32 Likes
6 Bookmarks
0 Replies
0 Quotes
[Urgent] Zabbix vulnerability information CVE-2024-42327 (CVSS 9.9) https://t.co/JV4FglcwWP
@yousukezan
29 Nov 2024
1386 Impressions
6 Retweets
15 Likes
3 Bookmarks
0 Replies
0 Quotes
A vulnerability of critical severity, with a score of 9.9 and the identifier CVE-2024-42327, has been fixed in #Zabbix. This vulnerability is of the #SQLi type and allows an attacker to escalate privileges and take control of Zabbix. The vulnerability is in the user.get API endpoint. https://t.co/pk9CcmkxdS
@onhexgroup
28 Nov 2024
8 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
CVE-2024-42327: SQL Injection in Zabbix, 9.9 rating 🔥 The discovered vulnerability allows any Zabbix user to perform Privilege Escalation via SQL injection. Search at https://t.co/hv7QKSqxTR: 👉 Link: https://t.co/LSM2JnwACB #cybersecurity #vulnerability_map #zabbix https://t
@Netlas_io
28 Nov 2024
3569 Impressions
14 Retweets
57 Likes
20 Bookmarks
0 Replies
1 Quote
CVSS 9.9!! For now, I set the user.get API to deny in the user role. Zabbix SQL injection in user.get API (CVE-2024-42327) https://t.co/X5Ysztndzp
@miyahancom
28 Nov 2024
1279 Impressions
1 Retweet
5 Likes
4 Bookmarks
1 Reply
0 Quotes
CVE-2024-42327 (CVSS 9.9): Critical SQL Injection Vulnerability Found in Zabbix https://t.co/TTJUIF7XQk
@Dinosn
28 Nov 2024
7713 Impressions
50 Retweets
158 Likes
35 Bookmarks
0 Replies
0 Quotes
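A critical vulnerability in Zabbix (an IT infrastructure monitoring product). CVE-2024-42327 has a CVSS score of 9.9 and is an SQL injection in the user.get API endpoint. Exploitation requires access at the regular-user level or higher. A fixed version has been provided. https://t.co/Ze9GqVCyET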
@__kokumoto
28 Nov 2024
10396 Impressions
53 Retweets
123 Likes
48 Bookmarks
1 Reply
1 Quote
CVE-2024-42327 (CVSS 9.9): Critical SQL Injection Vulnerability Found in Zabbix Learn about the critical SQL injection flaw in #Zabbix and its potential impact on monitoring data and system security. https://t.co/RT276nBYA3
@the_yellow_fall
28 Nov 2024
265 Impressions
0 Retweets
4 Likes
3 Bookmarks
0 Replies
0 Quotes
[CVE-2024-42327: CRITICAL] Zabbix frontend vulnerability alert: Non-admin user accounts with API access can exploit SQLi in CUser class, potentially breaching security. Take precautions! #cybersecurity#cybersecurity,#vulnerability https://t.co/aDNGGZmbk7 https://t.co/hWc2isCOLY
@CveFindCom
27 Nov 2024
53 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CVE-2024-42327 A non-admin user account on the Zabbix frontend with the default User role, or with any other role that gives API access can exploit this vulnerability. An SQLi exist… https://t.co/c0fCnISAlx
@CVEnew
27 Nov 2024
397 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes