Zabbix urges upgrades after SQL injection bug disclosure
Briefly

The SQL injection vulnerability CVE-2024-42327 poses a critical risk to Zabbix users: non-admin accounts with API access can use it to fully compromise the system.
Tracked as CVE-2024-42327, the SQL injection bug scored 9.9 on the CVSSv3 scale, indicating its severity and potential for exploitation.
Zabbix has identified three affected product versions and recommends users upgrade to versions 6.0.32rc1, 6.4.17rc1, and 7.0.1rc1 to mitigate risks.
Considering Zabbix's widespread customer base, including major organizations like Bupa and Dell, the vulnerability presents a large attack surface affecting various sectors.
Read at The Register