{"vulnerability": "CVE-2024-42327", "sightings": [{"uuid": "967fda85-7764-4d9e-817d-e0e2e592bcb8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-42327", "type": "published-proof-of-concept", "source": "https://t.me/GithubRedTeam/9298", "content": "GitHub\u76d1\u63a7\u6d88\u606f\u63d0\u9192\uff01\uff01\uff01 \n\n\u66f4\u65b0\u4e86\uff1aCVE-2024\n\u63cf\u8ff0\uff1aPoC for CVE-2024-42327 / ZBX-25623\nURL\uff1ahttps://github.com/compr00t/CVE-2024-42327\n\n\u6807\u7b7e\uff1a#CVE-2024", "creation_timestamp": "2024-12-03T12:45:32.000000Z"}, {"uuid": "19de2d57-769e-4720-9356-77defea90ed5", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-42327", "type": "published-proof-of-concept", "source": "https://t.me/GithubRedTeam/9698", "content": "GitHub\u76d1\u63a7\u6d88\u606f\u63d0\u9192\uff01\uff01\uff01 \n\n\u66f4\u65b0\u4e86\uff1aRCE\n\u63cf\u8ff0\uff1aZabbix CVE-2024-42327 PoC\nURL\uff1ahttps://github.com/BridgerAlderson/Zabbix-CVE-2024-42327-SQL-Injection-RCE\n\n\u6807\u7b7e\uff1a#RCE", "creation_timestamp": "2025-01-02T20:39:46.000000Z"}, {"uuid": "1de9e5fa-225c-452c-b6db-0ea73136b87e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-42327", "type": "published-proof-of-concept", "source": "https://t.me/investigationAnonYmous1/9677", "content": "\u0627\u0633\u062a\u063a\u0644\u0627\u0644 \u062b\u063a\u0631\u0629 Zabbix \u0627\u0644\u062d\u0631\u062c\u0629 \u2013 CVE-2024-42327 (CVSS 9.9)\n\n#SQLi #exploit #Zabbix #cve\n\n\u064a\u0645\u0643\u0646 \u0623\u0646 \u064a\u0633\u0645\u062d \u062d\u0642\u0646 SQL \u0647\u0630\u0627 \u0644\u0644\u0645\u0647\u0627\u062c\u0645\u064a\u0646 \u0628\u062a\u0635\u0639\u064a\u062f \u0627\u0644\u0627\u0645\u062a\u064a\u0627\u0632\u0627\u062a\u060c 
\u0645\u0645\u0627 \u0642\u062f \u064a\u0639\u0631\u0636 \u0646\u0638\u0627\u0645 \u0627\u0644\u0645\u0631\u0627\u0642\u0628\u0629 \u0644\u0644\u062e\u0637\u0631 \u0648\u064a\u0648\u0641\u0631 \u0627\u0644\u0648\u0635\u0648\u0644 \u0625\u0644\u0649 \u0628\u064a\u0627\u0646\u0627\u062a \u0627\u0644\u0634\u0631\u0643\u0629 \u0627\u0644\u062d\u0633\u0627\u0633\u0629.\n\n\u0631\u0627\u0628\u0637 \u0625\u0644\u0649 \u062c\u064a\u062b\u0628 : investigationAnonYmous", "creation_timestamp": "2025-01-22T15:19:35.000000Z"}, {"uuid": "a47eec21-3cb8-40d1-a40d-55df2860dcba", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-42327", "type": "published-proof-of-concept", "source": "https://t.me/ton618cyber/2471", "content": "#exploit\n1. CVE-2024-12425,\nCVE-2024-12426:\nLibreOffice Path Traversal\nhttps://codeanlabs.com/blog/general/exploiting-libreoffice-cve-2024-12425-and-cve-2024-12426\n\n2. CVE-2024-36412:\nUsing XSS filters against XSS filters - Unexpected SQLI/RCE\nhttps://secarius.fr/cves/cve_2024_36412_using_filters_against_filters_unexpected_sql_injection\n\n3. CVE-2024-42327:\nZabbix Privilege Escalation -&gt; RCE\nhttps://github.com/godylockz/CVE-2024-42327", "creation_timestamp": "2025-02-20T05:23:47.000000Z"}, {"uuid": "727f4ec7-fa6e-4850-b822-2333f5826fe6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-42327", "type": "published-proof-of-concept", "source": "https://t.me/ton618cyber/6704", "content": "#exploit\n1. CVE-2024-12425,\nCVE-2024-12426:\nLibreOffice Path Traversal\nhttps://codeanlabs.com/blog/general/exploiting-libreoffice-cve-2024-12425-and-cve-2024-12426\n\n2. CVE-2024-36412:\nUsing XSS filters against XSS filters - Unexpected SQLI/RCE\nhttps://secarius.fr/cves/cve_2024_36412_using_filters_against_filters_unexpected_sql_injection\n\n3. 
CVE-2024-42327:\nZabbix Privilege Escalation -&gt; RCE\nhttps://github.com/godylockz/CVE-2024-42327", "creation_timestamp": "2025-02-20T05:23:47.000000Z"}, {"uuid": "9fc29b88-69fa-4dc9-99e0-dfda5cd72169", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-42327", "type": "published-proof-of-concept", "source": "https://t.me/softrinx/159733", "content": "CVE-2024-42327 / ZBX-25623\n*\nzabbix SQLi\n*\nPOC", "creation_timestamp": "2024-12-04T10:43:25.000000Z"}, {"uuid": "e8d04105-1f56-4dd1-8485-582913d5e5b9", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-42327", "type": "published-proof-of-concept", "source": "Telegram/oYmpRnsP0n5l9UoNVnmi0Tqagk8hdqptE5SM8rliaeN2ddE", "content": "", "creation_timestamp": "2025-04-19T13:00:06.000000Z"}, {"uuid": "35d02def-d006-45f3-9ef7-7eb8dc47134b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-42327", "type": "published-proof-of-concept", "source": "Telegram/cFDIr9N6sAkWZhwxw-_ECaT3TnOsVF3ZAMr3hMtqAqO8clo", "content": "", "creation_timestamp": "2025-04-19T11:00:06.000000Z"}, {"uuid": "a70af836-2185-415b-8f33-2a50ab4fc961", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-42327", "type": "published-proof-of-concept", "source": "https://t.me/MrVGunz/1271", "content": "\u0628\u0647\u0631\u0647 \u0628\u0631\u062f\u0627\u0631\u06cc \u062a\u0632\u0631\u06cc\u0642 SQL \u0628\u0631\u0627\u06cc \u0622\u0633\u06cc\u0628 \u067e\u0630\u06cc\u0631\u06cc \u0628\u062d\u0631\u0627\u0646\u06cc Zabbix - CVE-2024-42327 (CVSS 9.9)\n\n \u0627\u06cc\u0646 \u062a\u0632\u0631\u06cc\u0642 SQL \u0645\u06cc \u062a\u0648\u0627\u0646\u062f 
\u0645\u0647\u0627\u062c\u0645\u0627\u0646 \u0631\u0627 \u0642\u0627\u062f\u0631 \u0628\u0647 \u0627\u0641\u0632\u0627\u06cc\u0634 \u0627\u0645\u062a\u06cc\u0627\u0632\u0627\u062a\u060c \u0628\u0647 \u0637\u0648\u0631 \u0628\u0627\u0644\u0642\u0648\u0647 \u0628\u0647 \u062e\u0637\u0631 \u0627\u0646\u062f\u0627\u062e\u062a\u0646 \u0633\u06cc\u0633\u062a\u0645 \u0646\u0638\u0627\u0631\u062a \u0648 \u062f\u0633\u062a\u0631\u0633\u06cc \u0628\u0647 \u062f\u0627\u062f\u0647 \u0647\u0627\u06cc \u062d\u0633\u0627\u0633 \u0633\u0627\u0632\u0645\u0627\u0646\u06cc \u06a9\u0646\u062f.\n\n\u0644\u06cc\u0646\u06a9: https://github.com/aramosf/cve-2024-42327\n\nSQL injection Exploit for Critical Zabbix Vulnerability \u2013 CVE-2024-42327 (CVSS 9.9)\n\nThis SQL injection could enable attackers to escalate privileges, potentially compromising the monitoring system and gaining access to sensitive enterprise data.\n\nLink: https://github.com/aramosf/cve-2024-42327", "creation_timestamp": "2024-12-05T10:25:28.000000Z"}, {"uuid": "4868c36b-e7cb-4c18-9e9f-8c424650b8c8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-42327", "type": "published-proof-of-concept", "source": "https://t.me/haccking/11559", "content": "\u042d\u043a\u0441\u043f\u043b\u043e\u0439\u0442 \u0434\u043b\u044f \u043a\u0440\u0438\u0442\u0438\u0447\u0435\u0441\u043a\u043e\u0439 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 Zabbix \u2013 CVE-2024-42327 (CVSS 9.9)\n\n#SQLi #exploit #Zabbix #cve\n\n\u042d\u0442\u0430 SQL-\u0438\u043d\u044a\u0435\u043a\u0446\u0438\u044f \u043c\u043e\u0436\u0435\u0442 \u043f\u043e\u0437\u0432\u043e\u043b\u0438\u0442\u044c \u0437\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a\u0430\u043c \u043f\u043e\u0432\u044b\u0441\u0438\u0442\u044c \u043f\u0440\u0438\u0432\u0438\u043b\u0435\u0433\u0438\u0438, \u0447\u0442\u043e 
\u043f\u043e\u0442\u0435\u043d\u0446\u0438\u0430\u043b\u044c\u043d\u043e \u043a\u043e\u043c\u043f\u0440\u043e\u043c\u0435\u0442\u0438\u0440\u0443\u0435\u0442 \u0441\u0438\u0441\u0442\u0435\u043c\u0443 \u043c\u043e\u043d\u0438\u0442\u043e\u0440\u0438\u043d\u0433\u0430 \u0438 \u043f\u0440\u0435\u0434\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 \u0434\u043e\u0441\u0442\u0443\u043f \u043a \u043a\u043e\u043d\u0444\u0438\u0434\u0435\u043d\u0446\u0438\u0430\u043b\u044c\u043d\u044b\u043c \u0434\u0430\u043d\u043d\u044b\u043c \u043a\u043e\u043c\u043f\u0430\u043d\u0438\u0438.\n\n\u0421\u0441\u044b\u043b\u043a\u0430 \u043d\u0430 GitHub\n\nLH | \u041d\u043e\u0432\u043e\u0441\u0442\u0438 | \u041a\u0443\u0440\u0441\u044b | OSINT", "creation_timestamp": "2025-01-06T09:14:01.000000Z"}, {"uuid": "c4ee4c74-2df6-4bc6-98c4-2c1dc7b18297", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-42327", "type": "published-proof-of-concept", "source": "https://t.me/haj3imad/910", "content": "https://github.com/godylockz/CVE-2024-42327/blob/main/zabbix_privesc.py\n\nCVE-2024-42327: Zabbix Privilege Escalation -&gt; RCE\n#github #exploit", "creation_timestamp": "2025-02-19T05:21:06.000000Z"}, {"uuid": "573b0f70-bfa9-47a5-bfcc-d1a03735aff7", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-42327", "type": "seen", "source": "https://bsky.app/profile/nimblenerd.social/post/3lmw2ljtwuc2c", "content": "", "creation_timestamp": "2025-04-16T07:21:42.912465Z"}, {"uuid": "f4e45232-2384-4ca9-a7f0-0839a4fc2d3c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-42327", "type": "seen", "source": "https://bsky.app/profile/beikokucyber.bsky.social/post/3lmzyvz22fd2t", "content": "", "creation_timestamp": 
"2025-04-17T21:02:35.469652Z"}, {"uuid": "87d9348e-bd9f-4a8a-ba7f-4ea551b583c7", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-42327", "type": "seen", "source": "https://t.me/ZeroEthical_Course/2171", "content": "SQL injection Exploit for Critical Zabbix Vulnerability \u2013 CVE-2024-42327 (CVSS 9.9)\n\nThis SQL injection could enable attackers to escalate privileges, potentially compromising the monitoring system and gaining access to sensitive enterprise data.\n\n\ud83d\udd34 Share &amp; Support Us \ud83d\udd34\n\u26a1\ufe0f Channel : @ZeroEthical_Course", "creation_timestamp": "2024-12-04T18:53:23.000000Z"}, {"uuid": "06b7bee3-a408-4c58-a5cd-a2423b7f39f8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-42327", "type": "seen", "source": "https://t.me/bizone_channel/1610", "content": "\ud83e\udd65 BI.ZONE WAF \u043f\u0440\u0435\u0434\u043e\u0442\u0432\u0440\u0430\u0449\u0430\u0435\u0442 \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u044e \u043a\u0440\u0438\u0442\u0438\u0447\u0435\u0441\u043a\u043e\u0439\u00a0\u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438\u00a0\u0432 Zabbix\n\n27 \u043d\u043e\u044f\u0431\u0440\u044f \u043a\u043e\u043c\u043f\u0430\u043d\u0438\u044f Zabbix \u0441\u043e\u043e\u0431\u0449\u0438\u043b\u0430 \u043e\u0431 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 CVE-2024-42327 \u0432 \u0441\u0432\u043e\u0435\u043c \u0440\u0435\u0448\u0435\u043d\u0438\u0438 \u0434\u043b\u044f \u043c\u043e\u043d\u0438\u0442\u043e\u0440\u0438\u043d\u0433\u0430 IT-\u0438\u043d\u0444\u0440\u0430\u0441\u0442\u0440\u0443\u043a\u0442\u0443\u0440\u044b \u0441 \u043e\u0442\u043a\u0440\u044b\u0442\u044b\u043c \u0438\u0441\u0445\u043e\u0434\u043d\u044b\u043c 
\u043a\u043e\u0434\u043e\u043c.\u00a0\n\n\u041e\u0448\u0438\u0431\u043a\u0430 \u043e\u0431\u043d\u0430\u0440\u0443\u0436\u0435\u043d\u0430 \u0432 \u043a\u043b\u0430\u0441\u0441\u0435 CUser \u0444\u0443\u043d\u043a\u0446\u0438\u0438 addRelatedObjects, \u043a\u043e\u0442\u043e\u0440\u0430\u044f \u0432\u044b\u0437\u044b\u0432\u0430\u0435\u0442\u0441\u044f \u0438\u0437 \u0444\u0443\u043d\u043a\u0446\u0438\u0438 CUser.get. \u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c\u00a0\u043f\u043e\u043b\u0443\u0447\u0438\u043b\u0430 \u043e\u0446\u0435\u043d\u043a\u0443 9,9\u00a0\u0438\u0437 10 \u0431\u0430\u043b\u043b\u043e\u0432 \u043f\u043e \u0448\u043a\u0430\u043b\u0435 CVSS. \u041e\u043d\u0430 \u0437\u0430\u0442\u0440\u0430\u0433\u0438\u0432\u0430\u0435\u0442 \u0432\u0435\u0440\u0441\u0438\u0438 \u0441\u043e\u0444\u0442\u0430 6.0.0\u20136.0.31, 6.4.0\u20136.4.16 \u0438 7.0.0.\n\n\u0427\u0435\u043c \u043e\u043f\u0430\u0441\u043d\u0430 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c\n\n\u042d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u044f \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u0435\u0442 \u043b\u044e\u0431\u043e\u043c\u0443 \u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u0435\u043b\u044e \u0441 \u0434\u043e\u0441\u0442\u0443\u043f\u043e\u043c \u043a API\u00a0\u043e\u0441\u0443\u0449\u0435\u0441\u0442\u0432\u0438\u0442\u044c SQL-\u0438\u043d\u044a\u0435\u043a\u0446\u0438\u044e \u0438 \u043f\u043e\u0432\u044b\u0441\u0438\u0442\u044c \u043f\u0440\u0438\u0432\u0438\u043b\u0435\u0433\u0438\u0438 \u0432 \u0441\u043a\u043e\u043c\u043f\u0440\u043e\u043c\u0435\u0442\u0438\u0440\u043e\u0432\u0430\u043d\u043d\u043e\u0439 \u0441\u0438\u0441\u0442\u0435\u043c\u0435. 
\u0422\u0430\u043a\u0438\u043c \u043e\u0431\u0440\u0430\u0437\u043e\u043c, \u0437\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a \u043c\u043e\u0436\u0435\u0442 \u043f\u043e\u043b\u0443\u0447\u0438\u0442\u044c \u0434\u043e\u0441\u0442\u0443\u043f \u043a \u043a\u043e\u043d\u0444\u0438\u0434\u0435\u043d\u0446\u0438\u0430\u043b\u044c\u043d\u043e\u0439 \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u0438, \u0432 \u0442\u043e\u043c \u0447\u0438\u0441\u043b\u0435 \u043f\u0440\u0435\u0434\u0441\u0442\u0430\u0432\u043b\u044f\u044e\u0449\u0435\u0439 \u043a\u043e\u043c\u043c\u0435\u0440\u0447\u0435\u0441\u043a\u0443\u044e \u0442\u0430\u0439\u043d\u0443.\u00a0\n\n\u0415\u0441\u0442\u044c \u043b\u0438 \u043f\u0440\u0438\u043c\u0435\u0440\u044b \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438\n\n\u0414\u0430, \u043d\u043e \u0441\u043f\u0435\u0446\u0438\u0430\u043b\u0438\u0441\u0442\u044b BI.ZONE \u043f\u043e\u043a\u0430 \u043d\u0435 \u0444\u0438\u043a\u0441\u0438\u0440\u0443\u044e\u0442 \u043f\u043e\u043f\u044b\u0442\u043a\u0438 \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u044c CVE-2024-42327 \u0432 \u0434\u0435\u043b\u0435. 
\u0422\u0435\u043c \u043d\u0435 \u043c\u0435\u043d\u0435\u0435 \u043f\u0440\u0438 \u043d\u0430\u043b\u0438\u0447\u0438\u0438 PoC \u0447\u0438\u0441\u043b\u043e \u0430\u0442\u0430\u043a \u043d\u0430 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0435 \u043f\u0440\u0438\u043b\u043e\u0436\u0435\u043d\u0438\u0435 \u043c\u043e\u0436\u0435\u0442 \u0437\u043d\u0430\u0447\u0438\u0442\u0435\u043b\u044c\u043d\u043e \u0432\u043e\u0437\u0440\u0430\u0441\u0442\u0438.\n\n\u0415\u0441\u0442\u044c \u043b\u0438 \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f\n\n\u0420\u0430\u0437\u0440\u0430\u0431\u043e\u0442\u0447\u0438\u043a\u0438 \u0443\u0441\u0442\u0440\u0430\u043d\u0438\u043b\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0432 \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f\u0445\u00a06.0.32rc1, 6.4.17rc1 \u0438 7.0.1rc1.\n\n\u0422\u0430\u043a\u0436\u0435 \u0432 \u0437\u0430\u0449\u0438\u0442\u0435 \u043e\u0442 \u0430\u0442\u0430\u043a \u0441 \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0435\u0439 CVE-2024-42327 \u00a0\u043f\u043e\u043c\u043e\u0436\u0435\u0442 BI.ZONE WAF. 
\u0421\u0443\u0449\u0435\u0441\u0442\u0432\u0443\u044e\u0449\u0438\u0435 \u043f\u0440\u0430\u0432\u0438\u043b\u0430 \u0441\u0435\u0440\u0432\u0438\u0441\u0430 \u0434\u0435\u0442\u0435\u043a\u0442\u0438\u0440\u0443\u044e\u0442 \u0438 \u0431\u043b\u043e\u043a\u0438\u0440\u0443\u044e\u0442 \u043f\u043e\u043f\u044b\u0442\u043a\u0438 \u0430\u0442\u0430\u043a \u0438 \u043d\u0435 \u043d\u0430\u0440\u0443\u0448\u0430\u044e\u0442 \u043b\u043e\u0433\u0438\u043a\u0443 \u0440\u0430\u0431\u043e\u0442\u044b \u043f\u0440\u0438\u043b\u043e\u0436\u0435\u043d\u0438\u0439.\u00a0", "creation_timestamp": "2024-12-05T10:01:44.000000Z"}, {"uuid": "578636ca-ce58-4346-bbcc-ade3b93784fc", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-42327", "type": "published-proof-of-concept", "source": "https://t.me/ZeroEthical_Course/2885", "content": "Explotaci\u00f3n de vulnerabilidad cr\u00edtica de Zabbix \u2013 CVE-2024-42327 (CVSS 9.9)\n\n#SQLi #exploit #Zabbix #cve\n\nEsta inyecci\u00f3n SQL podr\u00eda permitir a los atacantes escalar privilegios, comprometiendo potencialmente el sistema de monitoreo y brindando acceso a datos confidenciales de la empresa.\n\nEnlace a GitHub\n\n\ud83d\udd34 Share &amp; Support Us \ud83d\udd34\n\u26a1\ufe0f Channel : @ZeroEthical_Course", "creation_timestamp": "2025-01-09T16:26:01.000000Z"}, {"uuid": "a4dc1527-84e4-4406-9e42-c08eae13d8e4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-42327", "type": "published-proof-of-concept", "source": "https://t.me/ashaburroyah313/1002", "content": "CVE-2024-42327 (CVSS 9.9): Critical SQL Injection Vulnerability Found in Zabbix \u2013 Cyber Security News Aggregator\nhttps://www.hendryadrian.com/cve-2024-42327-cvss-9-9-critical-sql-injection-vulnerability-found-in-zabbix/", "creation_timestamp": 
"2024-12-02T07:46:15.000000Z"}, {"uuid": "8fe318b3-d9a6-4ddd-9745-c11da57e90d5", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-42327", "type": "seen", "source": "https://t.me/softrinx/705", "content": "CVE-2024-42327 / ZBX-25623\n*\nzabbix SQLi\n*\nPOC", "creation_timestamp": "2024-12-04T10:43:25.000000Z"}, {"uuid": "c402fa97-107e-46f5-aa66-dc8d9c0902c0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-42327", "type": "seen", "source": "https://t.me/proxy_bar/2404", "content": "CVE-2024-42327 / ZBX-25623\n*\nzabbix SQLi\n*\nPOC", "creation_timestamp": "2024-12-04T09:29:15.000000Z"}, {"uuid": "d9e8119c-0cbc-4eb4-84fb-3406325e9d65", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-42327", "type": "published-proof-of-concept", "source": "https://t.me/cybersecs/3342", "content": "SQL injection in user.get API (CVE-2024-42327)\n\nA non-admin user account on the Zabbix frontend with the default User role, or with any other role that gives API access can exploit this vulnerability. 
\n\n\nAffected version:\n\n6.0.0 - 6.0.31\n6.4.0 - 6.4.16\n7.0.0\n\nhttps://support.zabbix.com/browse/ZBX-25623\n\nUPD:\nhttps://github.com/compr00t/CVE-2024-42327/\n\nThank to: @resource_not_found", "creation_timestamp": "2024-12-06T11:58:43.000000Z"}, {"uuid": "b07f7fce-b7c8-4fcf-8e7a-c96abcaf0d3d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-42327", "type": "seen", "source": "https://t.me/true_secator/6498", "content": "Zabbix \u043f\u0440\u0435\u0434\u0443\u043f\u0440\u0435\u0436\u0434\u0430\u0435\u0442 \u043e\u0431 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u043a\u0440\u0438\u0442\u0438\u0447\u0435\u0441\u043a\u043e\u0439 \u0441\u0442\u0435\u043f\u0435\u043d\u0438 \u0441\u0435\u0440\u044c\u0435\u0437\u043d\u043e\u0441\u0442\u0438 \u0432 \u0441\u0432\u043e\u0435\u043c \u0440\u0435\u0448\u0435\u043d\u0438\u0438 \u0441 \u043e\u0442\u043a\u0440\u044b\u0442\u044b\u043c \u0438\u0441\u0445\u043e\u0434\u043d\u044b\u043c \u043a\u043e\u0434\u043e\u043c \u0434\u043b\u044f \u043c\u043e\u043d\u0438\u0442\u043e\u0440\u0438\u043d\u0433\u0430 \u043a\u043e\u0440\u043f\u043e\u0440\u0430\u0442\u0438\u0432\u043d\u044b\u0445 \u0441\u0435\u0442\u0435\u0439, \u043a\u043e\u0442\u043e\u0440\u0430\u044f \u043c\u043e\u0436\u0435\u0442 \u043f\u043e\u0437\u0432\u043e\u043b\u0438\u0442\u044c \u0437\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a\u0430\u043c \u0432\u043d\u0435\u0434\u0440\u044f\u0442\u044c \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u043b\u044c\u043d\u044b\u0435 SQL-\u0437\u0430\u043f\u0440\u043e\u0441\u044b \u0438 \u0441\u043a\u043e\u043c\u043f\u0440\u043e\u043c\u0435\u0442\u0438\u0440\u043e\u0432\u0430\u0442\u044c \u0434\u0430\u043d\u043d\u044b\u0435 \u0438\u043b\u0438 \u0441\u0438\u0441\u0442\u0435\u043c\u0443.\n\nCVE-2024-42327 \u0438\u043c\u0435\u0435\u0442 \u043e\u0446\u0435\u043d\u043a\u0443 CVSS 9,9 \u0438 
\u0441\u0443\u0449\u0435\u0441\u0442\u0432\u0443\u0435\u0442 \u0432 \u043a\u043b\u0430\u0441\u0441\u0435 CUser \u0432 \u0444\u0443\u043d\u043a\u0446\u0438\u0438 addRelatedObjects, \u043a\u043e\u0442\u043e\u0440\u0430\u044f \u0432\u044b\u0437\u044b\u0432\u0430\u0435\u0442\u0441\u044f \u0438\u0437 \u0444\u0443\u043d\u043a\u0446\u0438\u0438 CUser.get \u0438 \u0434\u043e\u0441\u0442\u0443\u043f\u043d\u0430 \u043a\u0430\u0436\u0434\u043e\u043c\u0443 \u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u0435\u043b\u044e, \u0438\u043c\u0435\u044e\u0449\u0435\u043c\u0443 \u0434\u043e\u0441\u0442\u0443\u043f \u043a API.\n\n\u0423\u0447\u0435\u0442\u043d\u0430\u044f \u0437\u0430\u043f\u0438\u0441\u044c \u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u0435\u043b\u044f \u0431\u0435\u0437 \u043f\u0440\u0430\u0432 \u0430\u0434\u043c\u0438\u043d\u0438\u0441\u0442\u0440\u0430\u0442\u043e\u0440\u0430 \u043d\u0430 \u0438\u043d\u0442\u0435\u0440\u0444\u0435\u0439\u0441\u0435 Zabbix \u0441 \u0440\u043e\u043b\u044c\u044e \u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u0435\u043b\u044f \u043f\u043e \u0443\u043c\u043e\u043b\u0447\u0430\u043d\u0438\u044e \u0438\u043b\u0438 \u0441 \u043b\u044e\u0431\u043e\u0439 \u0434\u0440\u0443\u0433\u043e\u0439 \u0440\u043e\u043b\u044c\u044e, \u043f\u0440\u0435\u0434\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u044e\u0449\u0435\u0439 \u0434\u043e\u0441\u0442\u0443\u043f \u043a API, \u043c\u043e\u0436\u0435\u0442 \u0431\u044b\u0442\u044c \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0430 \u0434\u043b\u044f \u0440\u0435\u0430\u043b\u0438\u0437\u0430\u0446\u0438\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438.\n\n\u0418\u0441\u0441\u043b\u0435\u0434\u043e\u0432\u0430\u0442\u0435\u043b\u0438 Qualys \u0442\u0430\u043a\u0436\u0435 \u043e\u0442\u043c\u0435\u0447\u0430\u044e\u0442, \u0447\u0442\u043e \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u044f \u043c\u043e\u0436\u0435\u0442 
\u043f\u043e\u0437\u0432\u043e\u043b\u0438\u0442\u044c \u0437\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a\u0430\u043c \u043f\u043e\u0432\u044b\u0441\u0438\u0442\u044c \u043f\u0440\u0438\u0432\u0438\u043b\u0435\u0433\u0438\u0438 \u0438 \u043f\u043e\u043b\u0443\u0447\u0438\u0442\u044c \u043f\u043e\u043b\u043d\u044b\u0439 \u043a\u043e\u043d\u0442\u0440\u043e\u043b\u044c \u043d\u0430\u0434 \u0443\u044f\u0437\u0432\u0438\u043c\u044b\u043c\u0438 \u0441\u0435\u0440\u0432\u0435\u0440\u0430\u043c\u0438 Zabbix \u0438\u0437 83 000, \u043e\u0442\u043a\u0440\u044b\u0442\u044b\u0445 \u0434\u043b\u044f \u0434\u043e\u0441\u0442\u0443\u043f\u0430 \u0432 \u0441\u0435\u0442\u0438 \u0418\u043d\u0442\u0435\u0440\u043d\u0435\u0442.\n\n\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0437\u0430\u0442\u0440\u0430\u0433\u0438\u0432\u0430\u0435\u0442 \u0432\u0435\u0440\u0441\u0438\u0438 Zabbix 6.0.0\u20136.0.31, 6.4.0\u20136.4.16 \u0438 7.0.0, \u0438\u0441\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0438\u044f \u0434\u043b\u044f \u044d\u0442\u043e\u0439 \u043f\u0440\u043e\u0431\u043b\u0435\u043c\u044b \u0431\u044b\u043b\u0438 \u0432\u043a\u043b\u044e\u0447\u0435\u043d\u044b \u0432 \u0432\u0435\u0440\u0441\u0438\u0438 6.0.32rc1, 6.4.17rc1 \u0438 7.0.1rc1, \u0432\u044b\u043f\u0443\u0449\u0435\u043d\u043d\u044b\u0435 \u0432 \u0438\u044e\u043b\u0435.\n\n\u0412 \u0438\u0441\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u043d\u044b\u0445 \u0432\u0435\u0440\u0441\u0438\u044f\u0445 \u0442\u0430\u043a\u0436\u0435 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0430 CVE-2024-36466 (CVSS 8,8) - \u043f\u0440\u043e\u0431\u043b\u0435\u043c\u0430 \u043e\u0431\u0445\u043e\u0434\u0430 \u0430\u0443\u0442\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0446\u0438\u0438, \u043a\u043e\u0442\u043e\u0440\u0430\u044f \u043c\u043e\u0436\u0435\u0442 \u043f\u043e\u0437\u0432\u043e\u043b\u0438\u0442\u044c 
\u0437\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a\u0443 \u043f\u043e\u0434\u043f\u0438\u0441\u0430\u0442\u044c \u043f\u043e\u0434\u0434\u0435\u043b\u044c\u043d\u044b\u0439 \u0444\u0430\u0439\u043b cookie zbx_session \u0438 \u0432\u043e\u0439\u0442\u0438 \u0432 \u0441\u0438\u0441\u0442\u0435\u043c\u0443 \u0441 \u043f\u0440\u0430\u0432\u0430\u043c\u0438 \u0430\u0434\u043c\u0438\u043d\u0438\u0441\u0442\u0440\u0430\u0442\u043e\u0440\u0430.\n\nZabbix \u0432\u0435\u0440\u0441\u0438\u0438 7.0.1rc1 \u0442\u0430\u043a\u0436\u0435 \u0437\u0430\u043a\u0440\u044b\u0432\u0430\u0435\u0442 CVE-2024-36462 - \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043d\u0435\u043a\u043e\u043d\u0442\u0440\u043e\u043b\u0438\u0440\u0443\u0435\u043c\u043e\u0433\u043e \u043f\u043e\u0442\u0440\u0435\u0431\u043b\u0435\u043d\u0438\u044f \u0440\u0435\u0441\u0443\u0440\u0441\u043e\u0432, \u043a\u043e\u0442\u043e\u0440\u0430\u044f \u043c\u043e\u0436\u0435\u0442 \u043f\u043e\u0437\u0432\u043e\u043b\u0438\u0442\u044c \u0437\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a\u0443 \u0432\u044b\u0437\u0432\u0430\u0442\u044c \u0441\u043e\u0441\u0442\u043e\u044f\u043d\u0438\u0435 DoS.\n\n\u041a\u043e\u043c\u043f\u0430\u043d\u0438\u044f \u043d\u0435 \u0443\u043f\u043e\u043c\u0438\u043d\u0430\u0435\u0442 \u043e \u0442\u043e\u043c, \u0447\u0442\u043e \u043a\u0430\u043a\u0438\u0435-\u043b\u0438\u0431\u043e \u0438\u0437 \u044d\u0442\u0438\u0445 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0435\u0439 \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0438\u0440\u0443\u044e\u0442\u0441\u044f \u0432 \u0434\u0438\u043a\u043e\u0439 \u043f\u0440\u0438\u0440\u043e\u0434\u0435.\n\n\u0422\u0435\u043c \u043d\u0435 \u043c\u0435\u043d\u0435\u0435, \u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u0435\u043b\u044f\u043c \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0443\u0435\u0442\u0441\u044f \u043e\u0431\u043d\u043e\u0432\u0438\u0442\u044c 
\u0441\u0432\u043e\u0438 \u0443\u0441\u0442\u0430\u043d\u043e\u0432\u043a\u0438 \u0434\u043e \u0438\u0441\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u043d\u043e\u0439 \u0432\u0435\u0440\u0441\u0438\u0438 \u043a\u0430\u043a \u043c\u043e\u0436\u043d\u043e \u0441\u043a\u043e\u0440\u0435\u0435.", "creation_timestamp": "2024-12-02T19:00:06.000000Z"}, {"uuid": "1ab4fd99-6025-418a-852a-35ed70d99b19", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-42327", "type": "seen", "source": "Telegram/-u2oTQlNmn4NovFRT2XG2JbENxmq16D6_tu9Ssxg0PV0jvg", "content": "", "creation_timestamp": "2024-12-03T03:03:50.000000Z"}, {"uuid": "0115fe4e-e526-4d26-9eec-5fc470ff7f7d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-42327", "type": "seen", "source": "MISP/dd71e3c5-20f7-409a-8bcc-8df3cd8022a7", "content": "", "creation_timestamp": "2025-09-03T13:30:06.000000Z"}, {"uuid": "95929a07-9edc-4664-8b0b-577fb682e4d1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-42327", "type": "seen", "source": "https://vulnerability.circl.lu/bundle/d8544d24-ed2b-4062-9f3a-4c28c63647f3", "content": "", "creation_timestamp": "2024-12-04T05:44:04.024593Z"}, {"uuid": "8dd5fdc3-e2a0-485e-820d-78839c9a7dcc", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-42327", "type": "published-proof-of-concept", "source": "https://t.me/GithubRedTeam/9342", "content": "GitHub\u76d1\u63a7\u6d88\u606f\u63d0\u9192\uff01\uff01\uff01 \n\n\u66f4\u65b0\u4e86\uff1aCVE-2024\n\u63cf\u8ff0\uff1aPOC for CVE-2024-42327, an authenticated SQL Injection in Zabbix through the user.get API 
Method\nURL\uff1ahttps://github.com/watchdog1337/CVE-2024-42327_Zabbix_SQLI\n\n\u6807\u7b7e\uff1a#CVE-2024", "creation_timestamp": "2024-12-07T21:27:54.000000Z"}, {"uuid": "329ef249-1f7d-4498-8fa5-21eb940f6d2e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-42327", "type": "published-proof-of-concept", "source": "https://t.me/GithubRedTeam/9263", "content": "GitHub\u76d1\u63a7\u6d88\u606f\u63d0\u9192\uff01\uff01\uff01 \n\n\u66f4\u65b0\u4e86\uff1aCVE-2024\n\u63cf\u8ff0\uff1aCVE-2024-42327: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') (CWE-89)\nURL\uff1ahttps://github.com/zetraxz/CVE-2024-42327\n\n\u6807\u7b7e\uff1a#CVE-2024", "creation_timestamp": "2024-11-30T17:21:34.000000Z"}, {"uuid": "51dbc1d1-8534-4541-bd7d-3ce78581c534", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-42327", "type": "published-proof-of-concept", "source": "https://t.me/GithubRedTeam/13639", "content": "GitHub\u76d1\u63a7\u6d88\u606f\u63d0\u9192\uff01\uff01\uff01 \n\n\u66f4\u65b0\u4e86\uff1aRCE\n\u63cf\u8ff0\uff1aPOC for CVE-2024-42327: Zabbix Privilege Escalation -&gt; RCE\nURL\uff1ahttps://github.com/godylockz/CVE-2024-42327\n\n\u6807\u7b7e\uff1a#RCE", "creation_timestamp": "2025-02-17T00:30:31.000000Z"}, {"uuid": "831e2e6e-4048-4e2d-b2a2-7774e18104c7", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-42327", "type": "seen", "source": "https://t.me/ics_cert/969", "content": "\u0647\u0634\u062f\u0627\u0631!!  
Zabbix needs a rapid upgrade after disclosure of a critical SQL injection bug \n\nOpen-source enterprise network and application monitoring provider Zabbix is warning customers about a new critical vulnerability that could lead to full system compromise.\nThe SQL injection bug, tracked as CVE-2024-42327, scored a near-perfect 9.9 when assessed using the Common Vulnerability Scoring System (CVSSv3) and can be exploited by users with API access.\nThe project's description of the vulnerability explains: \"A non-admin user account on the Zabbix frontend with the default User role, or with any other role that gives API access, can exploit this vulnerability.\n\"An SQLi exists in the CUser class in the addRelatedObjects function; this function is called from the CUser.get function, which is available to every user who has API access.\"\nZabbix said that three product versions are affected and should be upgraded to the latest available version:\n\u2022 6.0.0\u20266.0.31\n\u2022 6.4.0\u20266.4.16\n\u2022 7.0.0\nUpgrading to versions 6.0.32rc1, 6.4.17rc1 and 7.0.1rc1, respectively, protects users against privilege escalation attacks.\nThe project has thousands of customers worldwide, which indicates that the attack surface could not only be very large but also affects some major companies on every continent. \n\nThe alert states: \"Since at least 2007, vulnerabilities such as SQLi have been considered by others to be an 'unforgivable' vulnerability. Despite this finding, SQL vulnerabilities (such as CWE-89) are still a prevalent class of vulnerability. For example, CWE-89 is on the list of the 25 most dangerous and most stubborn software weaknesses in 2023.\"\nBoth agencies also urged the customers of these vendors to hold developers to account and to make sure they have received confirmation that a thorough code review has eliminated SQLi flaws from the outset. \u00ae\n\u26a0\ufe0fDisclaimer\n\ud83c\udfedSpecialized website and channel for the security of industrial automation and control infrastructure\n\ud83d\udc6e\ud83c\udffd\u200d\u2640\ufe0fAny publication or citation of this content without precise attribution of the source and its link address is prohibited. \nAdmin:\nhttps://t.me/pedram_kiani\nTelegram channel:\nhttps://t.me/ics_cert\nWhatsApp group:\nhttps://chat.whatsapp.com/FpB620AWEeSKvd8U6cFh33", "creation_timestamp": "2024-11-30T06:16:53.000000Z"},
{"uuid": "c4dedb4d-7391-4eb8-aca8-2e3b45fbef20", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-42327", "type": "published-proof-of-concept", "source": "https://t.me/ap_security/761", "content": "#pentest\n\nCVE-2024-42327 (CVSS 9.9) PoC\n\nZabbix has warned of a critical, high-severity vulnerability in its open-source solution for monitoring corporate networks that could allow attackers to inject arbitrary SQL queries and compromise data or the system.\n\nMore details on the vulnerability can be found in the following article", "creation_timestamp": "2024-12-11T05:24:03.000000Z"},
{"uuid": "e0d518e1-bffc-4e68-987f-306bb8333ce7", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-42327", "type": "published-proof-of-concept", "source": "https://t.me/haj3imad/20929", "content": "https://github.com/compr00t/CVE-2024-42327\n\nPoC for CVE-2024-42327 / ZBX-25623\n#github #exploit #poc", "creation_timestamp": "2024-12-05T03:44:01.000000Z"},
{"uuid": "71bd3d8a-372c-40d4-8d8f-644081a395bd", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-42327", "type": "published-proof-of-concept", "source": "Telegram/0rFRAJcA5i48jej77e--egtzEGGre7b2FGeMxEjvhXOFlJE", "content": "", "creation_timestamp": "2025-02-16T16:00:16.000000Z"},
{"uuid": "3c883d08-1998-4f0d-8998-6d528c5150f2", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-42327", "type": "published-proof-of-concept", "source": "https://t.me/CyberSecurityTechnologies/11819", "content": "#exploit\n1. CVE-2024-12425,\nCVE-2024-12426:\nLibreOffice Path Traversal\nhttps://codeanlabs.com/blog/general/exploiting-libreoffice-cve-2024-12425-and-cve-2024-12426\n\n2. CVE-2024-36412:\nUsing XSS filters against XSS filters - Unexpected SQLI/RCE\nhttps://secarius.fr/cves/cve_2024_36412_using_filters_against_filters_unexpected_sql_injection\n\n3. CVE-2024-42327:\nZabbix Privilege Escalation -> RCE\nhttps://github.com/godylockz/CVE-2024-42327", "creation_timestamp": "2025-02-17T01:32:28.000000Z"},
{"uuid": "1e36f2cb-8393-4cef-a9d5-9a68c9aed93a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-42327", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113554863211557834", "content": "", "creation_timestamp": "2024-11-27T12:15:05.318047Z"},
{"uuid": "c48a54a8-51d0-454c-80ac-de483e028686", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-42327", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113554877465801853", "content": "", "creation_timestamp": "2024-11-27T12:18:43.167778Z"}]}