Количество 9
Количество 9
CVE-2024-42327
A non-admin user account on the Zabbix frontend with the default User role, or with any other role that gives API access can exploit this vulnerability. An SQLi exists in the CUser class in the addRelatedObjects function, this function is being called from the CUser.get function which is available for every user who has API access.
CVE-2024-42327
A non-admin user account on the Zabbix frontend with the default User role, or with any other role that gives API access can exploit this vulnerability. An SQLi exists in the CUser class in the addRelatedObjects function, this function is being called from the CUser.get function which is available for every user who has API access.
CVE-2024-42327
A non-admin user account on the Zabbix frontend with the default User ...
GHSA-gx59-7g62-6xhg
A non-admin user account on the Zabbix frontend with the default User role, or with any other role that gives API access can exploit this vulnerability. An SQLi exists in the CUser class in the addRelatedObjects function, this function is being called from the CUser.get function which is available for every user who has API access.
BDU:2024-10543
Уязвимость функции addRelatedObjects универсальной системы мониторинга Zabbix, позволяющая нарушителю повысить свои привилегии
ROS-20241212-24
Уязвимость zabbix7-lts-server-pgsql
ROS-20241212-22
Уязвимость zabbix7-lts-server-mysql
ROS-20241212-04
Уязвимость zabbix-lts-server-pgsql
ROS-20241212-02
Уязвимость zabbix-lts-server-mysql
Уязвимостей на страницу
Уязвимость | CVSS | EPSS | Опубликовано | |
|---|---|---|---|---|
 | CVE-2024-42327 A non-admin user account on the Zabbix frontend with the default User role, or with any other role that gives API access can exploit this vulnerability. An SQLi exists in the CUser class in the addRelatedObjects function, this function is being called from the CUser.get function which is available for every user who has API access. | CVSS3: 9.9 | 91% Критический | больше 1 года назад |
 | CVE-2024-42327 A non-admin user account on the Zabbix frontend with the default User role, or with any other role that gives API access can exploit this vulnerability. An SQLi exists in the CUser class in the addRelatedObjects function, this function is being called from the CUser.get function which is available for every user who has API access. | CVSS3: 9.9 | 91% Критический | больше 1 года назад |
| CVE-2024-42327 A non-admin user account on the Zabbix frontend with the default User ... | CVSS3: 9.9 | 91% Критический | больше 1 года назад |
| GHSA-gx59-7g62-6xhg A non-admin user account on the Zabbix frontend with the default User role, or with any other role that gives API access can exploit this vulnerability. An SQLi exists in the CUser class in the addRelatedObjects function, this function is being called from the CUser.get function which is available for every user who has API access. | CVSS3: 9.9 | 91% Критический | больше 1 года назад |
 | BDU:2024-10543 Уязвимость функции addRelatedObjects универсальной системы мониторинга Zabbix, позволяющая нарушителю повысить свои привилегии | CVSS3: 9.9 | 91% Критический | больше 1 года назад |
 | ROS-20241212-24 Уязвимость zabbix7-lts-server-pgsql | CVSS3: 9.9 | 91% Критический | больше 1 года назад |
| ROS-20241212-22 Уязвимость zabbix7-lts-server-mysql | CVSS3: 9.9 | 91% Критический | больше 1 года назад |
| ROS-20241212-04 Уязвимость zabbix-lts-server-pgsql | CVSS3: 9.9 | 91% Критический | больше 1 года назад |
| ROS-20241212-02 Уязвимость zabbix-lts-server-mysql | CVSS3: 9.9 | 91% Критический | больше 1 года назад |
Уязвимостей на страницу