Unrated severityNVD Advisory· Published May 17, 2024· Updated Aug 1, 2024
Time Based SQL Injection in Zabbix Server Audit Log
CVE-2024-22120
Description
Zabbix server can perform command execution for configured scripts. After command is executed, audit entry is added to "Audit Log". Due to "clientip" field is not sanitized, it is possible to injection SQL into "clientip" and exploit time based blind SQL injection.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2Patches
Vulnerability mechanics
References
1News mentions
0No linked articles in our index yet.