Decrypt LOL

Critical SQL Injection Vulnerability Discovered in Zabbix

Security researcher Alejandro Ramos has unveiled a proof-of-concept exploit for CVE-2024-42327, a severe SQL injection vulnerability in Zabbix, an open-source monitoring platform. The flaw carries a CVSSv3 score of 9.9. It is located in the addRelatedObjects function of the CUser class and can be exploited by non-admin users with API access, potentially leading to privilege escalation and unauthorized access to sensitive data. Zabbix has acknowledged the issue and urged users to update to patched versions immediately. Affected versions include 6.0.0 through 6.0.31, 6.4.0 through 6.4.16, and 7.0.0. Organizations are advised to restrict unnecessary API permissions to mitigate risks associated with this vulnerability.