Количество 9
Количество 9
GHSA-gx59-7g62-6xhg
A non-admin user account on the Zabbix frontend with the default User role, or with any other role that gives API access can exploit this vulnerability. An SQLi exists in the CUser class in the addRelatedObjects function, this function is being called from the CUser.get function which is available for every user who has API access.
CVE-2024-42327
A non-admin user account on the Zabbix frontend with the default User role, or with any other role that gives API access can exploit this vulnerability. An SQLi exists in the CUser class in the addRelatedObjects function, this function is being called from the CUser.get function which is available for every user who has API access.
CVE-2024-42327
A non-admin user account on the Zabbix frontend with the default User role, or with any other role that gives API access can exploit this vulnerability. An SQLi exists in the CUser class in the addRelatedObjects function, this function is being called from the CUser.get function which is available for every user who has API access.
CVE-2024-42327
A non-admin user account on the Zabbix frontend with the default User ...
BDU:2024-10543
Уязвимость функции addRelatedObjects универсальной системы мониторинга Zabbix, позволяющая нарушителю повысить свои привилегии
ROS-20241212-24
Уязвимость zabbix7-lts-server-pgsql
ROS-20241212-22
Уязвимость zabbix7-lts-server-mysql
ROS-20241212-04
Уязвимость zabbix-lts-server-pgsql
ROS-20241212-02
Уязвимость zabbix-lts-server-mysql
Уязвимостей на страницу
Уязвимость | CVSS | EPSS | Опубликовано | |
|---|---|---|---|---|
| GHSA-gx59-7g62-6xhg A non-admin user account on the Zabbix frontend with the default User role, or with any other role that gives API access can exploit this vulnerability. An SQLi exists in the CUser class in the addRelatedObjects function, this function is being called from the CUser.get function which is available for every user who has API access. | CVSS3: 9.9 | 90% Критический | около 1 года назад |
 | CVE-2024-42327 A non-admin user account on the Zabbix frontend with the default User role, or with any other role that gives API access can exploit this vulnerability. An SQLi exists in the CUser class in the addRelatedObjects function, this function is being called from the CUser.get function which is available for every user who has API access. | CVSS3: 9.9 | 90% Критический | около 1 года назад |
 | CVE-2024-42327 A non-admin user account on the Zabbix frontend with the default User role, or with any other role that gives API access can exploit this vulnerability. An SQLi exists in the CUser class in the addRelatedObjects function, this function is being called from the CUser.get function which is available for every user who has API access. | CVSS3: 9.9 | 90% Критический | около 1 года назад |
| CVE-2024-42327 A non-admin user account on the Zabbix frontend with the default User ... | CVSS3: 9.9 | 90% Критический | около 1 года назад |
 | BDU:2024-10543 Уязвимость функции addRelatedObjects универсальной системы мониторинга Zabbix, позволяющая нарушителю повысить свои привилегии | CVSS3: 9.9 | 90% Критический | около 1 года назад |
 | ROS-20241212-24 Уязвимость zabbix7-lts-server-pgsql | CVSS3: 9.9 | 90% Критический | около 1 года назад |
| ROS-20241212-22 Уязвимость zabbix7-lts-server-mysql | CVSS3: 9.9 | 90% Критический | около 1 года назад |
| ROS-20241212-04 Уязвимость zabbix-lts-server-pgsql | CVSS3: 9.9 | 90% Критический | около 1 года назад |
| ROS-20241212-02 Уязвимость zabbix-lts-server-mysql | CVSS3: 9.9 | 90% Критический | около 1 года назад |
Уязвимостей на страницу