2 matches found
CVE-2025-27240 Secondary-order SQL injection in Zabbix Server when deleting an autoregistered host
A Zabbix adminitrator can inject arbitrary SQL during the autoremoval of hosts by inserting malicious SQL in the 'Visible name' field...
CVE-2025-27240
CVE-2025-27240.doc: A Zabbix Server vulnerability lets an administrator inject arbitrary SQL during autoremove of hosts by inserting malicious SQL in the ‘Visible name’ field. Affected: Zabbix Server host autoremove logic; root cause is SQL injection in the Visible name field. Impact per CVSS: hi...