Zabbix 7.0.0 - SQL Injection

Exploit Title: Zabbix 7.0.0 - SQL Injection Date: 06/12/2024 Exploit Author: Leandro Dias Barata @m4nb4 Vendor Homepage: https://www.zabbix.com/ Software Link: https://support.zabbix.com/browse/ZBX-25623 Version: 6.0.0 - 6.0.31 / 6.0.32rc1 6.4.0 - 6.4.16 / 6.4.17rc1 7.0.0 Tested on: Kali Linux...

📄 Zabbix 7.0.0 SQL Injection

Zabbix version 7.0.0 suffers from a remote SQL injection vulnerability. Exploit Title: Zabbix 7.0.0 - SQL Injection Date: 06/12/2024 Exploit Author: Leandro Dias Barata @m4nb4 Vendor Homepage: https://www.zabbix.com/ Software Link: https://support.zabbix.com/browse/ZBX-25623 Version: 6.0.0 - 6.0....

Zabbix 6.0.32rc1 PHP Code Injection

Zabbix server version 6.0.32rc1 proof of concept remote code injection exploit. ============================================================================================================================================= | Title : Zabbix server v 6.0.32rc1 PHP Code Injection Vulnerability | |...

Linux Distros Unpatched Vulnerability : CVE-2024-42327

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A non-admin user account on the Zabbix frontend with the default User role, or with any other role that gives API access can exploit this vulnerability. An SQLi...

Exploit for CVE-2024-42327

CVE-2024-42327: Zabbix Privilege Escalation - RCE Descrip...

Exploit for CVE-2024-42327

Zabbix-CVE-2024-42327 RCE PoC...

Exploit for CVE-2024-42327

writeup CVE-2024-42327 zabbix vulnerability alvo: 10.129.231...

Exploit for CVE-2024-42327

CVE-2024-42327 - Zabbix SQL Injection Vulnerability SQLI No...

Exploit for CVE-2024-42327

PoC and Exploit for CVE-2024-42327 / ZBX-25623 A non-admin us...

Exploit for CVE-2024-42327

cve-2024-42327 usage: cve-2024-42327.py -h -u URL -n USERN...

CVE-2024-42327

A non-admin user account on the Zabbix frontend with the default User role, or with any other role that gives API access can exploit this vulnerability. An SQLi exists in the CUser class in the addRelatedObjects function, this function is being called from the CUser.get function which is availabl...

CVE-2024-42327

creationtimestamp| type| source ---|---|--- 2024-11-27 12:15:05+00:00| seen| https://infosec.exchange/users/cve/statuses/113554863211557834 2024-11-27 12:18:43+00:00| seen| https://infosec.exchange/users/cve/statuses/113554877465801853 2024-11-30 06:16:53+00:00| seen| https://t.me/icscert/969...

CVE-2024-42327 SQL injection in user.get API

A non-admin user account on the Zabbix frontend with the default User role, or with any other role that gives API access can exploit this vulnerability. An SQLi exists in the CUser class in the addRelatedObjects function, this function is being called from the CUser.get function which is availabl...