CRITICAL🇵🇱 Wersja polska

CVE-2024-42327

CVSS 9.9v3.1pub. 2024-11-27upd. 2025-10-08

A non-admin user account on the Zabbix frontend with the default User role, or with any other role that gives API access can exploit this vulnerability. An SQLi exists in the CUser class in the addRelatedObjects function, this function is being called from the CUser.get function which is available for every user who has API access.

🤖 AI Analysis
How it works

The vulnerability is located in the CUser class, in the addRelatedObjects method, which is called by the CUser.get function. The CUser.get function is available to every user with access to the API, including accounts with the default User role. Input data passed to this function is not properly validated or parameterized, which enables injection of arbitrary SQL code on the database server side.

Impact

An attacker with access to the Zabbix API can execute arbitrary SQL queries in the database, which may lead to disclosure of confidential data, data modification, and potential takeover of complete system control (privilege escalation, RCE in favorable configurations).

Mitigation & patch

Patches available from the vendor should be applied in accordance with references (https://support.zabbix.com/browse/ZBX-25623). As a temporary measure, it is recommended to restrict access to the Zabbix API exclusively to trusted administrative accounts and block access to the Zabbix frontend from untrusted networks at the firewall level.

Who is affected

Zabbix – versions indicated in vendor references; installations are vulnerable where users with the default User role or another role with API access have the ability to use the Zabbix frontend.

Analysis generated by Claude AI (Anthropic) based on NVD data. Always verify with vendor.
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
  • Zabbix

    APP
    Zabbix
    6.0.0 – 6.0.32 (bez)6.4.0 – 6.4.17 (bez)7.0.0 – 7.0.1 (bez)
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
Tags
SQLi
CWE
References

Related vulnerabilities

CVE-2022-23131CRITICAL9.1⚠ KEVten sam produkt

In the case of instances where the SAML SSO authentication is enabled (non-default), session data can be modif...

CVE-2024-42330CRITICAL9.1PL ✓ten sam produkt

Zabbix: niekodowane nagłówki HTTP umożliwiają dostęp do ukrytych właściwości obiektów

CVE-2024-36461CRITICAL9.1PL ✓ten sam produkt

Zabbix: modyfikacja wskaźników pamięci w silniku JavaScript (RCE/DoS)

CVE-2024-22116CRITICAL9.9PL ✓ten sam produkt

Zabbix: RCE przez brak escapowania parametrów skryptu Ping

CVE-2024-22120CRITICAL9.1PL ✓ten sam produkt

Zabbix Server — time-based blind SQL injection przez pole clientip