SysAdmin 24x7@sysadmin24x7 P.5912
SQL injection in user.get API (CVE-2024-42327)

Link to Zabbix ID: https://support.zabbix.com/browse/ZBX-25623

Mitre ID: CVE-2024-42327

CVSS score: 9.9
CVSS vector: https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

Severity: Critical
Summary: SQL injection in user.get API
Description: A non-admin user account on the Zabbix frontend with the default User role, or with any other role that gives API access, can exploit this vulnerability. An SQLi exists in the addRelatedObjects function of the CUser class; this function is called from the CUser.get function, which is available to every user who has API access.



tgoop.com/sysadmin24x7/5912
BY SysAdmin 24x7
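
Because the advisory ties exposure to roles that grant API access, the following added example (not part of the original post or of Zabbix) lists the non-admin accounts whose role permits calling user.get. It runs on constructed data shaped like role.get (with selectRules) and user.get output; the field names (`api.access`, `api.mode`, `api`, `type`, `roleid`, `username`), wildcard matching and the allow/deny semantics are assumptions to verify against your Zabbix version.

```python
import json
from fnmatch import fnmatchcase

# Constructed sample data, shaped like role.get (with selectRules) and
# user.get output. Field names are assumptions; verify on your version.
ROLES = json.loads("""[
 {"roleid": "1", "name": "User role", "type": "1",
  "rules": {"api.access": "1", "api.mode": "0", "api": []}},
 {"roleid": "2", "name": "Admin role", "type": "2",
  "rules": {"api.access": "1", "api.mode": "0", "api": []}},
 {"roleid": "4", "name": "Dashboard viewers", "type": "1",
  "rules": {"api.access": "0", "api.mode": "0", "api": []}},
 {"roleid": "5", "name": "Reporting", "type": "1",
  "rules": {"api.access": "1", "api.mode": "1", "api": ["host.get", "user.*"]}},
 {"roleid": "6", "name": "Integrations", "type": "1",
  "rules": {"api.access": "1", "api.mode": "0", "api": ["user.get"]}}
]""")
USERS = json.loads("""[
 {"username": "alice", "roleid": "1"}, {"username": "bob", "roleid": "2"},
 {"username": "carol", "roleid": "4"}, {"username": "dave", "roleid": "5"},
 {"username": "erin", "roleid": "6"}
]""")

def role_permits(role, method="user.get"):
    """True if the role's API rules allow calling `method`."""
    rules = role.get("rules", {})
    if str(rules.get("api.access", "0")) != "1":
        return False                      # API access disabled for the role
    listed = any(fnmatchcase(method, p) for p in rules.get("api", []))
    # Assumed semantics: api.mode 1 = allow list, 0 = deny list.
    return listed if str(rules.get("api.mode", "0")) == "1" else not listed

def exposed_accounts(roles, users, max_type=1):
    """(username, role name) for accounts of user type <= max_type
    (1 = User, 2 = Admin, 3 = Super admin) whose role permits user.get."""
    reach = {r["roleid"]: r["name"] for r in roles
             if int(r["type"]) <= max_type and role_permits(r)}
    return sorted((u["username"], reach[u["roleid"]])
                  for u in users if u["roleid"] in reach)

if __name__ == "__main__":
    for name, role in exposed_accounts(ROLES, USERS):
        print(f"{name}: role '{role}' can call user.get")
```

Pass `max_type=2` to include Admin-type accounts in the listing as well.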



