CVEDB API

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2024-36465

A low privilege (regular) Zabbix user with API access can use SQL injection vulnerability in include/classes/api/CApiService.php to execute arbitrary SQL commands via the groupBy parameter.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.001

EPSS Ranking 27.7%

CVSS Severity

CVSS v3 Score 8.8

References

https://support.zabbix.com/browse/ZBX-26257

Products affected by CVE-2024-36465

Zabbix » Zabbix » Version: 7.0.0

cpe:2.3:a:zabbix:zabbix:7.0.0
Zabbix » Zabbix » Version: 7.0.1

cpe:2.3:a:zabbix:zabbix:7.0.1
Zabbix » Zabbix » Version: 7.0.2

cpe:2.3:a:zabbix:zabbix:7.0.2
Zabbix » Zabbix » Version: 7.0.3

cpe:2.3:a:zabbix:zabbix:7.0.3
Zabbix » Zabbix » Version: 7.0.4

cpe:2.3:a:zabbix:zabbix:7.0.4
Zabbix » Zabbix » Version: 7.0.5

cpe:2.3:a:zabbix:zabbix:7.0.5
Zabbix » Zabbix » Version: 7.0.6

cpe:2.3:a:zabbix:zabbix:7.0.6
Zabbix » Zabbix » Version: 7.0.7

cpe:2.3:a:zabbix:zabbix:7.0.7
Zabbix » Zabbix » Version: 7.0.8

cpe:2.3:a:zabbix:zabbix:7.0.8
Zabbix » Zabbix » Version: 7.2.0

cpe:2.3:a:zabbix:zabbix:7.2.0
Zabbix » Zabbix » Version: 7.2.1

cpe:2.3:a:zabbix:zabbix:7.2.1

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2024-36465

Products

Pricing

Contact Us