VYPR
Unrated severityNVD Advisory· Published May 17, 2024· Updated Aug 1, 2024

Time Based SQL Injection in Zabbix Server Audit Log

CVE-2024-22120

Description

Zabbix server can perform command execution for configured scripts. After command is executed, audit entry is added to "Audit Log". Due to "clientip" field is not sanitized, it is possible to injection SQL into "clientip" and exploit time based blind SQL injection.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

2
  • Zabbix/Zabbixllm-fuzzy2 versions
    (expand)+ 1 more
    • (no CPE)
    • (no CPE)range: 6.0.0

Patches

Vulnerability mechanics

References

1

News mentions

0

No linked articles in our index yet.