CVE-2024-42327

SQL injection in user.get API

Severity Score

9.9

*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

Track*

*SSVC

Descriptions

A non-admin user account on the Zabbix frontend with the default User role, or with any other role that gives API access can exploit this vulnerability. An SQLi exists in the CUser class in the addRelatedObjects function, this function is being called from the CUser.get function which is available for every user who has API access.

Una cuenta de usuario que no sea administrador en la interfaz de Zabbix con el rol de usuario predeterminado o con cualquier otro rol que proporcione acceso a la API puede aprovechar esta vulnerabilidad. Existe una SQLi en la clase CUser en la función addRelatedObjects; esta función se llama desde la función CUser.get, que está disponible para todos los usuarios que tienen acceso a la API.

Zabbix version 7.0.0 suffers from a remote SQL injection vulnerability.

*Credits: Zabbix wants to thank Márk Rákóczi (reeeeeeeeeeee) for submitting this report on the HackerOne bug bounty platform.

Attack Vector

Network

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Changed

Confidentiality

High

Integrity

High

Availability

High

Attack Vector

Network

Attack Complexity

Low

Authentication

Single

Confidentiality

Complete

Integrity

Complete

Availability

Complete

* Common Vulnerability Scoring System

SSVC

Decision:Track*

Exploitation

None

Automatable

Tech. Impact

Total

* Organization's Worst-case Scenario

Timeline

2024-07-30 CVE Reserved
2024-11-27 CVE Published
2024-12-03 First Exploit
2024-12-04 CVE Updated
2025-07-03 EPSS Updated
---------- Exploited in Wild
---------- KEV Due Date

CWE

CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

CAPEC

CAPEC-233: Privilege Escalation

References (16)

URL	Tag	Source
https://support.zabbix.com/browse/ZBX-25623

URL	Date	SRC
https://packetstorm.news/files/id/183055	2024-12-10
https://packetstorm.news/files/id/189287	2025-02-18
https://packetstorm.news/files/id/189549	2025-03-05
https://packetstorm.news/files/id/189589	2025-03-06
https://packetstorm.news/files/id/189661	2025-03-10
https://packetstorm.news/files/id/190513	2025-04-16
https://github.com/compr00t/CVE-2024-42327	2024-12-03
https://github.com/aramosf/cve-2024-42327	2024-12-05
https://github.com/depers-rus/CVE-2024-42327	2024-12-06
https://github.com/watchdog1337/CVE-2024-42327_Zabbix_SQLI	2024-12-07
https://github.com/itform-fr/Zabbix---CVE-2024-42327	2024-12-11
https://github.com/igorbf495/CVE-2024-42327	2024-12-12
https://github.com/BridgerAlderson/Zabbix-CVE-2024-42327-SQL-Injection-RCE	2025-01-03
https://github.com/godylockz/CVE-2024-42327	2025-02-18
https://github.com/874anthony/CVE-2024-42327_Zabbix_SQLi	2025-04-19

URL	Date	SRC

URL	Date	SRC

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Zabbix Search vendor "Zabbix"		Zabbix Search vendor "Zabbix" for product "Zabbix"				>= 6.0.0 <= 6.0.31 Search vendor "Zabbix" for product "Zabbix" and version " >= 6.0.0 <= 6.0.31"		en		Affected
Zabbix Search vendor "Zabbix"		Zabbix Search vendor "Zabbix" for product "Zabbix"				>= 6.4.0 <= 6.4.16 Search vendor "Zabbix" for product "Zabbix" and version " >= 6.4.0 <= 6.4.16"		en		Affected
Zabbix Search vendor "Zabbix"		Zabbix Search vendor "Zabbix" for product "Zabbix"				>= 7.0.0 <= 7.0.1 Search vendor "Zabbix" for product "Zabbix" and version " >= 7.0.0 <= 7.0.1"		en		Affected