{"uuid": "0a538392-fb64-4984-a45f-4cec4e64e211", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-22120", "type": "published-proof-of-concept", "source": "https://t.me/MrVGunz/1136", "content": "CVE-2024-22120: \u062a\u0632\u0631\u06cc\u0642 SQL \u0645\u0628\u062a\u0646\u06cc \u0628\u0631 \u0632\u0645\u0627\u0646 \u062f\u0631 Zabbix Server Audit Log\n\n\u0646\u0633\u062e\u0647\u200c\u0647\u0627\u06cc \u0622\u0633\u06cc\u0628\u200c\u067e\u0630\u06cc\u0631 \u0648 \u0631\u0641\u0639 \u0634\u062f\u0647:\n- 6.0.0 - 6.0.27 / 6.0.28rc1\n- 6.4.0 - 6.4.12 / 6.4.13rc1\n- 7.0.0alpha1 - 7.0.0beta1 / 7.0.0beta2\n\n\u0627\u06cc\u0646 \u0622\u0633\u06cc\u0628\u200c\u067e\u0630\u06cc\u0631\u06cc \u0627\u0645\u06a9\u0627\u0646 \u0627\u0633\u062a\u062e\u0631\u0627\u062c \u0647\u0631 \u0645\u0642\u062f\u0627\u0631\u06cc \u0627\u0632 \u067e\u0627\u06cc\u06af\u0627\u0647 \u062f\u0627\u062f\u0647 \u0631\u0627 \u0641\u0631\u0627\u0647\u0645 \u0645\u06cc\u200c\u06a9\u0646\u062f. \u0628\u0647 \u0639\u0646\u0648\u0627\u0646 \u0645\u062b\u0627\u0644\u060c \u0627\u06a9\u0633\u067e\u0644\u0648\u06cc\u062a \u0628\u0627\u0644\u0627 \u0627\u0645\u06a9\u0627\u0646 \u0627\u0631\u062a\u0642\u0627\u0621 \u0633\u0637\u062d \u062f\u0633\u062a\u0631\u0633\u06cc \u0627\u0632 \u06a9\u0627\u0631\u0628\u0631 \u0628\u0647 \u0645\u062f\u06cc\u0631 \u0631\u0627 \u0641\u0631\u0627\u0647\u0645 \u0645\u06cc\u200c\u06a9\u0646\u062f. \u062f\u0631 \u0628\u0631\u062e\u06cc \u0645\u0648\u0627\u0631\u062f\u060c \u062a\u0632\u0631\u06cc\u0642 SQL \u0645\u0646\u062c\u0631 \u0628\u0647 RCE (\u0627\u062c\u0631\u0627\u06cc \u06a9\u062f \u0627\u0632 \u0631\u0627\u0647 \u062f\u0648\u0631) \u0645\u06cc\u200c\u0634\u0648\u062f.\n\nPoC: https://support.zabbix.com/secure/attachment/236280/236280_zabbix_server_time_based_blind_sqli.py\n\nCVE-2024-22120: Time Based SQL Injection in Zabbix Server Audit Log\n\nAffected and fixed version/s: \n* 6.0.0 - 6.0.27 / 6.0.28rc1\n* 6.4.0 - 6.4.12 / 6.4.13rc1\n* 7.0.0alpha1 - 7.0.0beta1 / 7.0.0beta2\n\nAllows to dump any values from database. As an example of exploit above allows privilege escalation from user to admin. In some cases, SQL injection leads to RCE.\n\nPoC: https://support.zabbix.com/secure/attachment/236280/236280_zabbix_server_time_based_blind_sqli.py", "creation_timestamp": "2024-05-22T12:35:57.000000Z"}