Overview
- Description
- A non-admin user account on the Zabbix frontend with the default User role, or with any other role that gives API access, can exploit this vulnerability. An SQLi exists in the addRelatedObjects function of the CUser class; this function is called from the CUser.get function, which is available to every user who has API access.
- Source
- security@zabbix.com
- NVD status
- Received
Risk scores
CVSS 3.1
- Type
- Secondary
- Base score
- 9.9
- Impact score
- 6
- Exploitability score
- 3.1
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
- Severity
- CRITICAL
Weaknesses
- security@zabbix.com
- CWE-89
Social media
Hype score is a measure of social media activity compared against trending CVEs from the past 12 months. Max score 100.
- Hype score
- 1
Zabbix Server Critical SQL Injection Vulnerability (CVE-2024-42327) – Qualys ThreatPROTECT #informationsecurity #cybersecurity https://t.co/lhlfl93BE3
@JeffEnglander
2 Dec 2024
8 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
ZABBIX SQL injection in user.get API (CVE-2024-42327 CVSS 9.9) https://t.co/k4dTebCVJi
@S0ufi4n3
1 Dec 2024
459 Impressions
1 Retweet
2 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨 Critical SQL Injection Vulnerability in Zabbix. Zabbix's SQL injection vulnerability (CVE-2024-42327) poses a severe risk with a CVSS score of 9.9. Affects versions 6.0.0–6.0.31, 6.4.0–6.4.16, 7.0.0. Exploitable by non-admin accounts with API access. #CyberSecurity #SQLi
@firexcore
1 Dec 2024
30 Impressions
0 Retweets
2 Likes
0 Bookmarks
1 Reply
0 Quotes
CVE-2024-42327 @zabbix A non-admin user account on the Zabbix frontend with the default User role, or with any other role that gives API access can exploit this vulnerability. An SQLi exists in the CUser class in the addRelatedObjects function, this function is being called from…
@d0znpp
30 Nov 2024
482 Impressions
0 Retweets
2 Likes
1 Bookmark
0 Replies
0 Quotes
Zabbix tool affected by CVE-2024-42327 #ZABBIX #CVE-2024-42327 #Sqlinjection https://t.co/EBfNNckDf9
@pravin_karthik
30 Nov 2024
21 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨 Critical SQL injection vulnerability in the API of ➡️ Zabbix ⚠️ CVE-2024-42327 https://t.co/4YKIODy79o https://t.co/qB7W7BNfbd
@elhackernet
29 Nov 2024
6909 Impressions
31 Retweets
100 Likes
24 Bookmarks
0 Replies
0 Quotes
Watch out for a "critical SQL injection" in Zabbix. CVE-2024-42327 Fortunately, exploitation requires having a user account (any account) in Zabbix https://t.co/6BQQaw2rSM
@Sekurak
29 Nov 2024
2931 Impressions
6 Retweets
32 Likes
6 Bookmarks
0 Replies
0 Quotes
[Urgent] Zabbix vulnerability information CVE-2024-42327 (CVSS 9.9) https://t.co/JV4FglcwWP
@yousukezan
29 Nov 2024
1386 Impressions
6 Retweets
15 Likes
3 Bookmarks
0 Replies
0 Quotes
A critical-severity vulnerability with a score of 9.9 and the identifier CVE-2024-42327 has been fixed in #Zabbix. This vulnerability is of the #SQLi type and allows an attacker to escalate privileges and take control of Zabbix. The vulnerability is in the user.get API endpoint. https://t.co/pk9CcmkxdS
@onhexgroup
28 Nov 2024
8 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
CVE-2024-42327: SQL Injection in Zabbix, 9.9 rating 🔥 The discovered vulnerability allows any Zabbix user to perform Privilege Escalation via SQL injection. Search at https://t.co/hv7QKSqxTR: 👉 Link: https://t.co/LSM2JnwACB #cybersecurity #vulnerability_map #zabbix https://t
@Netlas_io
28 Nov 2024
3569 Impressions
14 Retweets
57 Likes
20 Bookmarks
0 Replies
1 Quote
CVSS 9.9!! For now, I have denied the user.get API in the user role. Zabbix SQL injection in user.get API (CVE-2024-42327) https://t.co/X5Ysztndzp
@miyahancom
28 Nov 2024
1279 Impressions
1 Retweet
5 Likes
4 Bookmarks
1 Reply
0 Quotes
CVE-2024-42327 (CVSS 9.9): Critical SQL Injection Vulnerability Found in Zabbix https://t.co/TTJUIF7XQk
@Dinosn
28 Nov 2024
7713 Impressions
50 Retweets
158 Likes
35 Bookmarks
0 Replies
0 Quotes
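A critical vulnerability in Zabbix (an IT infrastructure monitoring product). CVE-2024-42327 has a CVSS score of 9.9 and is an SQL injection in the user.get API endpoint. Exploitation requires access rights of an ordinary user or higher. A fixed version is available. https://t.co/Ze9GqVCyET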
@__kokumoto
28 Nov 2024
10396 Impressions
53 Retweets
123 Likes
48 Bookmarks
1 Reply
1 Quote
CVE-2024-42327 (CVSS 9.9): Critical SQL Injection Vulnerability Found in Zabbix Learn about the critical SQL injection flaw in #Zabbix and its potential impact on monitoring data and system security. https://t.co/RT276nBYA3
@the_yellow_fall
28 Nov 2024
265 Impressions
0 Retweets
4 Likes
3 Bookmarks
0 Replies
0 Quotes
[CVE-2024-42327: CRITICAL] Zabbix frontend vulnerability alert: Non-admin user accounts with API access can exploit SQLi in CUser class, potentially breaching security. Take precautions! #cybersecurity #cybersecurity, #vulnerability https://t.co/aDNGGZmbk7 https://t.co/hWc2isCOLY
@CveFindCom
27 Nov 2024
53 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CVE-2024-42327 A non-admin user account on the Zabbix frontend with the default User role, or with any other role that gives API access can exploit this vulnerability. An SQLi exist… https://t.co/c0fCnISAlx
@CVEnew
27 Nov 2024
397 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes