Unrated severityNVD Advisory· Published May 17, 2024· Updated Aug 1, 2024

Time Based SQL Injection in Zabbix Server Audit Log

CVE-2024-22120

Description

Zabbix server can perform command execution for configured scripts. After command is executed, audit entry is added to "Audit Log". Due to "clientip" field is not sanitized, it is possible to injection SQL into "clientip" and exploit time based blind SQL injection.

Affected products

Zabbix/Zabbixv5
Range: 6.0.0

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

support.zabbix.com/browse/ZBX-24505mitre

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.074
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000