Security Advisory

CVE-2024-42327

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2024-11-27 12:04:31

Last updated 2024-12-04 04:55:21

Assigner Zabbix

State PUBLISHED

Description

A non-admin user account on the Zabbix frontend with the default User role, or with any other role that gives API access can exploit this vulnerability. An SQLi exists in the CUser class in the addRelatedObjects function, this function is being called from the CUser.get function which is available for every user who has API access.

← Browse all CVEs View on cve.org ↗