VYPR
Unrated severityNVD Advisory· Published Nov 27, 2024· Updated Dec 4, 2024

SQL injection in user.get API

CVE-2024-42327

Description

A non-admin user account on the Zabbix frontend with the default User role, or with any other role that gives API access can exploit this vulnerability. An SQLi exists in the CUser class in the addRelatedObjects function, this function is being called from the CUser.get function which is available for every user who has API access.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

2
  • Zabbix/Zabbixllm-fuzzy2 versions
    (expand)+ 1 more
    • (no CPE)
    • (no CPE)range: 6.0.0

Patches

Vulnerability mechanics

References

1

News mentions

0

No linked articles in our index yet.

CVE-2024-42327 · VYPR