{"uuid": "d9e8119c-0cbc-4eb4-84fb-3406325e9d65", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-42327", "type": "published-proof-of-concept", "source": "https://t.me/cybersecs/3342", "content": "SQL injection in user.get API (CVE-2024-42327)\n\nA non-admin user account on the Zabbix frontend with the default User role, or with any other role that gives API access can exploit this vulnerability. \n\n\nAffected version:\n\n6.0.0 - 6.0.31\n6.4.0 - 6.4.16\n7.0.0\n\nhttps://support.zabbix.com/browse/ZBX-25623\n\nUPD:\nhttps://github.com/compr00t/CVE-2024-42327/\n\nThank to: @resource_not_found", "creation_timestamp": "2024-12-06T11:58:43.000000Z"}