Home > Vulnerability Database > CVE-2024-42327

Mend.io Vulnerability Database

CVE-2024-42327

Date: November 27, 2024

A non-admin user account on the Zabbix frontend with the default User role, or with any other role that gives API access can exploit this vulnerability. An SQLi exists in the CUser class in the addRelatedObjects function, this function is being called from the CUser.get function which is available for every user who has API access.

Language: PHP

Severity Score

9.9

Related Resources (3)

Url: https://nvd.nist.gov/vuln/detail/CVE-2024-42327

Url: https://support.zabbix.com/browse/ZBX-25623

Url: https://www.mend.io/vulnerability-database/CVE-2024-42327

Severity Score

9.9

Weakness Type (CWE)

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

CWE-89

CVSS v3.1

Base Score:	9.9
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	LOW
User Interaction (UI):	NONE
Scope (S):	CHANGED
Confidentiality (C):	HIGH
Integrity (I):	HIGH
Availability (A):	HIGH

Mend.io Vulnerability Database

We found results for “”

CVE-2024-42327

Date: November 27, 2024

Language: PHP

Severity Score

Related Resources (3)

Severity Score

Weakness Type (CWE)

CVSS v3.1

Do you need more information?