2 matches found
SQL Injection
Overview Affected versions of this package are vulnerable to SQL Injection via the Visible name field during the autoremoval process. An attacker can execute arbitrary SQL commands by injecting malicious input into this field. Remediation Upgrade zabbix/zabbix to version 6.0.34, 6.4.19, 7.0.4 or...
CVE-2025-27240
A Zabbix adminitrator can inject arbitrary SQL during the autoremoval of hosts by inserting malicious SQL in the 'Visible name' field...