{"vulnerability": "CVE-2024-4232", "sightings": [{"uuid": "1991f61a-cb80-4e16-bea0-0b558e0a6a65", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-42328", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113554877479572506", "content": "", "creation_timestamp": "2024-11-27T12:18:43.007243Z"}, {"uuid": "5ec7d16c-9c34-4b7c-bfbe-b2d09bf9f0e8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-42328", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113554863225774584", "content": "", "creation_timestamp": "2024-11-27T12:15:05.755353Z"}, {"uuid": "cc82954b-35a8-4fe6-9a00-9550760500f0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-42326", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113554863197449679", "content": "", "creation_timestamp": "2024-11-27T12:15:05.157609Z"}, {"uuid": "1e36f2cb-8393-4cef-a9d5-9a68c9aed93a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-42327", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113554863211557834", "content": "", "creation_timestamp": "2024-11-27T12:15:05.318047Z"}, {"uuid": "e9d793de-f102-4e54-a7b9-7cda24ae10b6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-42326", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113554877452294601", "content": "", "creation_timestamp": "2024-11-27T12:18:43.066291Z"}, {"uuid": "a29a7bdd-e30a-44f0-8ea9-fc3b2951b28d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-42329", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113554936520020827", "content": "", "creation_timestamp": "2024-11-27T12:33:43.813323Z"}, {"uuid": "c48a54a8-51d0-454c-80ac-de483e028686", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-42327", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113554877465801853", "content": "", "creation_timestamp": "2024-11-27T12:18:43.167778Z"}, {"uuid": "869a6e83-8776-436d-a96c-793c9b77bd1d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-42325", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3llsznbozpr24", "content": "", "creation_timestamp": "2025-04-02T09:01:37.079852Z"}, {"uuid": "0115fe4e-e526-4d26-9eec-5fc470ff7f7d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-42327", "type": "seen", "source": "MISP/dd71e3c5-20f7-409a-8bcc-8df3cd8022a7", "content": "", "creation_timestamp": "2025-09-03T13:30:06.000000Z"}, {"uuid": "573b0f70-bfa9-47a5-bfcc-d1a03735aff7", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-42327", "type": "seen", "source": "https://bsky.app/profile/nimblenerd.social/post/3lmw2ljtwuc2c", "content": "", "creation_timestamp": "2025-04-16T07:21:42.912465Z"}, {"uuid": "f4e45232-2384-4ca9-a7f0-0839a4fc2d3c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-42327", "type": "seen", "source": "https://bsky.app/profile/beikokucyber.bsky.social/post/3lmzyvz22fd2t", "content": "", "creation_timestamp": "2025-04-17T21:02:35.469652Z"}, {"uuid": "986ac334-b6b4-47a9-a1ad-5e230ff1b085", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "86ecb4e1-bb32-44d5-9f39-8a4673af8385", "vulnerability": "CVE-2024-42320", "type": "seen", "source": "https://www.cert.ssi.gouv.fr/avis/CERTFR-2026-AVI-0316/", "content": "", "creation_timestamp": "2026-03-19T00:00:00.000000Z"}, {"uuid": "7749bf77-9737-4f2d-8a78-1923b9aa6285", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "c933734a-9be8-4142-889e-26e95c752803", "vulnerability": "CVE-2024-42321", "type": "seen", "source": "https://vulnerability.circl.lu/bundle/816dcc8e-f25a-4895-9b59-1bbd9caeccb8", "content": "", "creation_timestamp": "2025-12-03T14:14:49.267740Z"}, {"uuid": "a9d4b718-a872-4c50-a0b6-a773d41bd059", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "c933734a-9be8-4142-889e-26e95c752803", "vulnerability": "CVE-2024-42322", "type": "seen", "source": "https://vulnerability.circl.lu/bundle/816dcc8e-f25a-4895-9b59-1bbd9caeccb8", "content": "", "creation_timestamp": "2025-12-03T14:14:49.267740Z"}, {"uuid": "4e0e514d-4835-4421-a044-c2c00ae56f5d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "86ecb4e1-bb32-44d5-9f39-8a4673af8385", "vulnerability": "CVE-2024-42321", "type": "seen", "source": "https://www.cert.ssi.gouv.fr/avis/CERTFR-2026-AVI-0316/", "content": "", "creation_timestamp": "2026-03-19T00:00:00.000000Z"}, {"uuid": "95929a07-9edc-4664-8b0b-577fb682e4d1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "c933734a-9be8-4142-889e-26e95c752803", "vulnerability": "CVE-2024-42327", "type": "seen", "source": "https://vulnerability.circl.lu/bundle/d8544d24-ed2b-4062-9f3a-4c28c63647f3", "content": "", "creation_timestamp": "2024-12-04T05:44:04.024593Z"}, {"uuid": "1d6c492c-2fa8-43c9-b5ba-e1e17328f4e8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "86ecb4e1-bb32-44d5-9f39-8a4673af8385", "vulnerability": "CVE-2024-42321", "type": "seen", "source": "https://www.cert.ssi.gouv.fr/avis/CERTFR-2026-AVI-0395/", "content": "", "creation_timestamp": "2026-04-02T17:00:00.000000Z"}, {"uuid": "967fda85-7764-4d9e-817d-e0e2e592bcb8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-42327", "type": "published-proof-of-concept", "source": "https://t.me/GithubRedTeam/9298", "content": "GitHub\u76d1\u63a7\u6d88\u606f\u63d0\u9192\uff01\uff01\uff01 \n\n\u66f4\u65b0\u4e86\uff1aCVE-2024\n\u63cf\u8ff0\uff1aPoC for CVE-2024-42327 / ZBX-25623\nURL\uff1ahttps://github.com/compr00t/CVE-2024-42327\n\n\u6807\u7b7e\uff1a#CVE-2024", "creation_timestamp": "2024-12-03T12:45:32.000000Z"}, {"uuid": "8dd5fdc3-e2a0-485e-820d-78839c9a7dcc", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-42327", "type": "published-proof-of-concept", "source": "https://t.me/GithubRedTeam/9342", "content": "GitHub\u76d1\u63a7\u6d88\u606f\u63d0\u9192\uff01\uff01\uff01 \n\n\u66f4\u65b0\u4e86\uff1aCVE-2024\n\u63cf\u8ff0\uff1aPOC for CVE-2024-42327, an authenticated SQL Injection in Zabbix through the user.get API Method\nURL\uff1ahttps://github.com/watchdog1337/CVE-2024-42327_Zabbix_SQLI\n\n\u6807\u7b7e\uff1a#CVE-2024", "creation_timestamp": "2024-12-07T21:27:54.000000Z"}, {"uuid": "329ef249-1f7d-4498-8fa5-21eb940f6d2e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-42327", "type": "published-proof-of-concept", "source": "https://t.me/GithubRedTeam/9263", "content": "GitHub\u76d1\u63a7\u6d88\u606f\u63d0\u9192\uff01\uff01\uff01 \n\n\u66f4\u65b0\u4e86\uff1aCVE-2024\n\u63cf\u8ff0\uff1aCVE-2024-42327: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') (CWE-89)\nURL\uff1ahttps://github.com/zetraxz/CVE-2024-42327\n\n\u6807\u7b7e\uff1a#CVE-2024", "creation_timestamp": "2024-11-30T17:21:34.000000Z"}, {"uuid": "ad92bf65-b65f-467a-8571-849052984e0d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-42325", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/10034", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-42325\n\ud83d\udd25 CVSS Score: 2.1 (cvssV4_0, Vector: CVSS:4.0/AV:A/AC:L/AT:P/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N)\n\ud83d\udd39 Description: Zabbix API user.get returns all users that share common group with the calling user. This includes media and other information, such as login attempts, etc.\n\ud83d\udccf Published: 2025-04-02T06:12:24.516Z\n\ud83d\udccf Modified: 2025-04-02T06:12:24.516Z\n\ud83d\udd17 References:\n1. https://support.zabbix.com/browse/ZBX-26258", "creation_timestamp": "2025-04-02T06:34:41.000000Z"}, {"uuid": "19de2d57-769e-4720-9356-77defea90ed5", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-42327", "type": "published-proof-of-concept", "source": "https://t.me/GithubRedTeam/9698", "content": "GitHub\u76d1\u63a7\u6d88\u606f\u63d0\u9192\uff01\uff01\uff01 \n\n\u66f4\u65b0\u4e86\uff1aRCE\n\u63cf\u8ff0\uff1aZabbix CVE-2024-42327 PoC\nURL\uff1ahttps://github.com/BridgerAlderson/Zabbix-CVE-2024-42327-SQL-Injection-RCE\n\n\u6807\u7b7e\uff1a#RCE", "creation_timestamp": "2025-01-02T20:39:46.000000Z"}, {"uuid": "51dbc1d1-8534-4541-bd7d-3ce78581c534", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-42327", "type": "published-proof-of-concept", "source": "https://t.me/GithubRedTeam/13639", "content": "GitHub\u76d1\u63a7\u6d88\u606f\u63d0\u9192\uff01\uff01\uff01 \n\n\u66f4\u65b0\u4e86\uff1aRCE\n\u63cf\u8ff0\uff1aPOC for CVE-2024-42327: Zabbix Privilege Escalation -&gt; RCE\nURL\uff1ahttps://github.com/godylockz/CVE-2024-42327\n\n\u6807\u7b7e\uff1a#RCE", "creation_timestamp": "2025-02-17T00:30:31.000000Z"}, {"uuid": "c4dedb4d-7391-4eb8-aca8-2e3b45fbef20", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-42327", "type": "published-proof-of-concept", "source": "https://t.me/ap_security/761", "content": "#pentest\n\nCVE-2024-42327 (CVSS 9.9) PoC\n\n\u041a\u043e\u043c\u043f\u0430\u043d\u0438\u044f Zabbix \u043f\u0440\u0435\u0434\u0443\u043f\u0440\u0435\u0434\u0438\u043b\u0430 \u043e \u043a\u0440\u0438\u0442\u0438\u0447\u0435\u0441\u043a\u043e\u0439 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u0432\u044b\u0441\u043e\u043a\u043e\u0439 \u0441\u0442\u0435\u043f\u0435\u043d\u0438 \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 \u0432 \u0441\u0432\u043e\u0451\u043c \u0440\u0435\u0448\u0435\u043d\u0438\u0438 \u0441 \u043e\u0442\u043a\u0440\u044b\u0442\u044b\u043c \u0438\u0441\u0445\u043e\u0434\u043d\u044b\u043c \u043a\u043e\u0434\u043e\u043c \u0434\u043b\u044f \u043c\u043e\u043d\u0438\u0442\u043e\u0440\u0438\u043d\u0433\u0430 \u043a\u043e\u0440\u043f\u043e\u0440\u0430\u0442\u0438\u0432\u043d\u044b\u0445 \u0441\u0435\u0442\u0435\u0439, \u043a\u043e\u0442\u043e\u0440\u0430\u044f \u043c\u043e\u0436\u0435\u0442 \u043f\u043e\u0437\u0432\u043e\u043b\u0438\u0442\u044c \u0437\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a\u0430\u043c \u0432\u043d\u0435\u0434\u0440\u044f\u0442\u044c \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u043b\u044c\u043d\u044b\u0435 SQL-\u0437\u0430\u043f\u0440\u043e\u0441\u044b \u0438 \u0441\u043a\u043e\u043c\u043f\u0440\u043e\u043c\u0435\u0442\u0438\u0440\u043e\u0432\u0430\u0442\u044c \u0434\u0430\u043d\u043d\u044b\u0435 \u0438\u043b\u0438 \u0441\u0438\u0441\u0442\u0435\u043c\u0443.\n\n\u041f\u043e\u0434\u0440\u043e\u0431\u043d\u0435\u0435 \u043e\u0431 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u043c\u043e\u0436\u043d\u043e \u043f\u0440\u043e\u0447\u0438\u0442\u0430\u0442\u044c \u0432 \u0441\u043b\u0435\u0434\u0443\u044e\u0449\u0435\u0439 \u0441\u0442\u0430\u0442\u044c\u0435", "creation_timestamp": "2024-12-11T05:24:03.000000Z"}, {"uuid": "831e2e6e-4048-4e2d-b2a2-7774e18104c7", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-42327", "type": "seen", "source": "https://t.me/ics_cert/969", "content": "\u0647\u0634\u062f\u0627\u0631!!  Zabbix \u067e\u0633 \u0627\u0632 \u0627\u0641\u0634\u0627\u06cc \u0627\u0634\u06a9\u0627\u0644 \u062d\u06cc\u0627\u062a\u06cc \u062a\u0632\u0631\u06cc\u0642 SQL \u0646\u06cc\u0627\u0632 \u0628\u0647 \u0627\u0631\u062a\u0642\u0627\u0621 \u0633\u0631\u06cc\u0639 \u062f\u0627\u0631\u062f \n\n\u0627\u0631\u0627\u0626\u0647\u200c\u062f\u0647\u0646\u062f\u0647 \u0646\u0638\u0627\u0631\u062a \u0628\u0631 \u0628\u0631\u0646\u0627\u0645\u0647 \u0648 \u0634\u0628\u06a9\u0647 \u0633\u0627\u0632\u0645\u0627\u0646\u06cc \u0645\u0646\u0628\u0639 \u0628\u0627\u0632 Zabbix \u0628\u0647 \u0645\u0634\u062a\u0631\u06cc\u0627\u0646 \u062f\u0631 \u0645\u0648\u0631\u062f \u0622\u0633\u06cc\u0628\u200c\u067e\u0630\u06cc\u0631\u06cc \u062d\u06cc\u0627\u062a\u06cc \u062c\u062f\u06cc\u062f \u0647\u0634\u062f\u0627\u0631 \u0645\u06cc\u200c\u062f\u0647\u062f \u06a9\u0647 \u0645\u06cc\u200c\u062a\u0648\u0627\u0646\u062f \u0645\u0646\u062c\u0631 \u0628\u0647 \u0628\u0647 \u062e\u0637\u0631 \u0627\u0641\u062a\u0627\u062f\u0646 \u06a9\u0627\u0645\u0644 \u0633\u06cc\u0633\u062a\u0645 \u0634\u0648\u062f.\n\u0628\u0627\u06af \u062a\u0632\u0631\u06cc\u0642 SQL \u06a9\u0647 \u0628\u0647\u200c\u0639\u0646\u0648\u0627\u0646 CVE-2024-42327 \u062f\u0646\u0628\u0627\u0644 \u0645\u06cc\u200c\u0634\u0648\u062f\u060c \u062f\u0631 \u0647\u0646\u06af\u0627\u0645 \u0627\u0631\u0632\u06cc\u0627\u0628\u06cc \u0628\u0627 \u0627\u0633\u062a\u0641\u0627\u062f\u0647 \u0627\u0632 \u0633\u06cc\u0633\u062a\u0645 \u0627\u0645\u062a\u06cc\u0627\u0632\u062f\u0647\u06cc \u0622\u0633\u06cc\u0628\u200c\u067e\u0630\u06cc\u0631\u06cc \u0645\u0634\u062a\u0631\u06a9 (CVSSv3) \u0627\u0645\u062a\u06cc\u0627\u0632 \u062a\u0642\u0631\u06cc\u0628\u0627\u064b \u0639\u0627\u0644\u06cc 9.9 \u0631\u0627 \u06a9\u0633\u0628 \u06a9\u0631\u062f \u0648 \u0645\u06cc\u200c\u062a\u0648\u0627\u0646\u062f \u062a\u0648\u0633\u0637 \u06a9\u0627\u0631\u0628\u0631\u0627\u0646 \u0628\u0627 \u062f\u0633\u062a\u0631\u0633\u06cc API \u0645\u0648\u0631\u062f \u0633\u0648\u0621 \u0627\u0633\u062a\u0641\u0627\u062f\u0647 \u0642\u0631\u0627\u0631 \u06af\u06cc\u0631\u062f.\n\u062f\u0631 \u062a\u0648\u0636\u06cc\u062d \u067e\u0631\u0648\u0698\u0647 \u062f\u0631\u0628\u0627\u0631\u0647 \u0627\u06cc\u0646 \u0622\u0633\u06cc\u0628\u200c\u067e\u0630\u06cc\u0631\u06cc\u00a0\u062a\u0648\u0636\u06cc\u062d \u062f\u0627\u062f\u0647 \u0634\u062f\u0647 \u0627\u0633\u062a\u00a0: \u00ab\u06cc\u06a9 \u062d\u0633\u0627\u0628 \u06a9\u0627\u0631\u0628\u0631\u06cc \u063a\u06cc\u0631 \u0627\u062f\u0645\u06cc\u0646 \u062f\u0631 \u062c\u0644\u0648\u06cc Zabbix \u0628\u0627 \u0646\u0642\u0634 \u067e\u06cc\u0634\u200c\u0641\u0631\u0636 \u06a9\u0627\u0631\u0628\u0631\u060c \u06cc\u0627 \u0628\u0627 \u0647\u0631 \u0646\u0642\u0634 \u062f\u06cc\u06af\u0631\u06cc \u06a9\u0647 \u0628\u0647 API \u062f\u0633\u062a\u0631\u0633\u06cc \u0645\u06cc\u200c\u062f\u0647\u062f\u060c \u0645\u06cc\u200c\u062a\u0648\u0627\u0646\u062f \u0627\u0632 \u0627\u06cc\u0646 \u0622\u0633\u06cc\u0628\u200c\u067e\u0630\u06cc\u0631\u06cc \u0633\u0648\u0621 \u0627\u0633\u062a\u0641\u0627\u062f\u0647 \u06a9\u0646\u062f.\u00a0\n\"\u06cc\u06a9 SQLi \u062f\u0631 \u06a9\u0644\u0627\u0633 CUser \u062f\u0631 \u062a\u0627\u0628\u0639 addRelatedObjects \u0648\u062c\u0648\u062f \u062f\u0627\u0631\u062f\u060c \u0627\u06cc\u0646 \u062a\u0627\u0628\u0639 \u0627\u0632 \u062a\u0627\u0628\u0639 CUser.get \u0641\u0631\u0627\u062e\u0648\u0627\u0646\u06cc \u0645\u06cc \u0634\u0648\u062f \u06a9\u0647 \u0628\u0631\u0627\u06cc \u0647\u0631 \u06a9\u0627\u0631\u0628\u0631\u06cc \u06a9\u0647 \u062f\u0633\u062a\u0631\u0633\u06cc API \u062f\u0627\u0631\u062f \u062f\u0631 \u062f\u0633\u062a\u0631\u0633 \u0627\u0633\u062a.\"\nZabbix \u06af\u0641\u062a \u06a9\u0647 \u0633\u0647 \u0646\u0633\u062e\u0647 \u0645\u062d\u0635\u0648\u0644 \u062a\u062d\u062a \u062a\u0623\u062b\u06cc\u0631 \u0642\u0631\u0627\u0631 \u06af\u0631\u0641\u062a\u0647 \u0627\u0633\u062a \u0648 \u0628\u0627\u06cc\u062f \u0628\u0647 \u0622\u062e\u0631\u06cc\u0646 \u0646\u0633\u062e\u0647 \u0645\u0648\u062c\u0648\u062f \u0627\u0631\u062a\u0642\u0627 \u06cc\u0627\u0628\u062f:\n\u2022 6.0.0\u20266.0.31\n\u2022 6.4.0\u20266.4.16\n\u2022 7.0.0\n\u0627\u0631\u062a\u0642\u0627\u0621 \u0628\u0647 \u0646\u0633\u062e\u0647 \u0647\u0627\u06cc 6.0.32rc1\u060c 6.4.17rc1 \u0648 7.0.1rc1 \u0628\u0647 \u062a\u0631\u062a\u06cc\u0628 \u0627\u0632 \u06a9\u0627\u0631\u0628\u0631\u0627\u0646 \u062f\u0631 \u0628\u0631\u0627\u0628\u0631 \u062d\u0645\u0644\u0627\u062a \u0627\u0641\u0632\u0627\u06cc\u0634 \u0627\u0645\u062a\u06cc\u0627\u0632 \u0645\u062d\u0627\u0641\u0638\u062a \u0645\u06cc \u06a9\u0646\u062f.\n\u0627\u06cc\u0646 \u067e\u0631\u0648\u0698\u0647 \u0647\u0632\u0627\u0631\u0627\u0646 \u0645\u0634\u062a\u0631\u06cc \u062f\u0631 \u0633\u0631\u062a\u0627\u0633\u0631 \u062c\u0647\u0627\u0646 \u062f\u0627\u0631\u062f \u06a9\u0647 \u0646\u0634\u0627\u0646 \u0645\u06cc\u200c\u062f\u0647\u062f \u0633\u0637\u062d \u062d\u0645\u0644\u0647 \u0646\u0647 \u062a\u0646\u0647\u0627 \u0645\u06cc\u200c\u062a\u0648\u0627\u0646\u062f \u0628\u0633\u06cc\u0627\u0631 \u0628\u0632\u0631\u06af \u0628\u0627\u0634\u062f\u060c \u0628\u0644\u06a9\u0647 \u0628\u0631 \u0628\u0631\u062e\u06cc \u0634\u0631\u06a9\u062a\u200c\u0647\u0627\u06cc \u0628\u0632\u0631\u06af \u062f\u0631 \u0647\u0631 \u0642\u0627\u0631\u0647 \u0646\u06cc\u0632 \u062a\u0623\u062b\u06cc\u0631 \u0645\u06cc\u200c\u06af\u0630\u0627\u0631\u062f. \n\n\u062f\u0631 \u0627\u06cc\u0646 \u0647\u0634\u062f\u0627\u0631 \u0622\u0645\u062f\u0647 \u0627\u0633\u062a: \u00ab\u062f\u0633\u062a\u200c\u06a9\u0645 \u0627\u0632 \u0633\u0627\u0644 2007\u060c \u0622\u0633\u06cc\u0628\u200c\u067e\u0630\u06cc\u0631\u06cc\u200c\u0647\u0627\u06cc\u06cc \u0645\u0627\u0646\u0646\u062f SQLi \u062a\u0648\u0633\u0637 \u062f\u06cc\u06af\u0631\u0627\u0646 \u0628\u0647 \u0639\u0646\u0648\u0627\u0646 \u0622\u0633\u06cc\u0628\u200c\u067e\u0630\u06cc\u0631\u06cc \u00ab\u063a\u06cc\u0631\u0642\u0627\u0628\u0644 \u0628\u062e\u0634\u0634\u00bb \u062f\u0631 \u0646\u0638\u0631 \u06af\u0631\u0641\u062a\u0647 \u0634\u062f\u0647 \u0627\u0633\u062a. \u0628\u0627 \u0648\u062c\u0648\u062f \u0627\u06cc\u0646 \u06cc\u0627\u0641\u062a\u0647\u060c \u0622\u0633\u06cc\u0628\u200c\u067e\u0630\u06cc\u0631\u06cc\u200c\u0647\u0627\u06cc SQL (\u0645\u0627\u0646\u0646\u062f CWE-89) \u0647\u0646\u0648\u0632 \u06cc\u06a9 \u06a9\u0644\u0627\u0633 \u0622\u0633\u06cc\u0628\u200c\u067e\u0630\u06cc\u0631\u06cc \u0631\u0627\u06cc\u062c \u0647\u0633\u062a\u0646\u062f. \u0628\u0647 \u0639\u0646\u0648\u0627\u0646 \u0645\u062b\u0627\u0644\u060c CWE-89 \u062f\u0631 \u0644\u06cc\u0633\u062a 25 \u062e\u0637\u0631\u0646\u0627\u06a9\u200c\u062a\u0631\u06cc\u0646 \u0648 \u0633\u0631\u0633\u062e\u062a\u200c\u062a\u0631\u06cc\u0646 \u0646\u0642\u0627\u0637 \u0636\u0639\u0641 \u0646\u0631\u0645\u200c\u0627\u0641\u0632\u0627\u0631\u06cc \u062f\u0631 \u0633\u0627\u0644 2023 \u0642\u0631\u0627\u0631 \u062f\u0627\u0631\u062f.\u00bb\n\u0647\u0631 \u062f\u0648 \u0622\u0698\u0627\u0646\u0633 \u0647\u0645\u0686\u0646\u06cc\u0646 \u0627\u0632 \u0645\u0634\u062a\u0631\u06cc\u0627\u0646 \u0627\u06cc\u0646 \u0641\u0631\u0648\u0634\u0646\u062f\u06af\u0627\u0646 \u062e\u0648\u0627\u0633\u062a\u0646\u062f \u062a\u0627 \u062a\u0648\u0633\u0639\u0647 \u062f\u0647\u0646\u062f\u06af\u0627\u0646 \u0631\u0627 \u0628\u0647 \u062d\u0633\u0627\u0628 \u062e\u0648\u062f \u0646\u06af\u0647 \u062f\u0627\u0631\u0646\u062f \u0648 \u0627\u0637\u0645\u06cc\u0646\u0627\u0646 \u062d\u0627\u0635\u0644 \u06a9\u0646\u0646\u062f \u06a9\u0647 \u062a\u0623\u06cc\u06cc\u062f\u06cc\u0647 \u062f\u0631\u06cc\u0627\u0641\u062a \u06a9\u0631\u062f\u0647 \u0627\u0646\u062f \u06a9\u0647 \u0628\u0631\u0631\u0633\u06cc \u06a9\u0627\u0645\u0644 \u06a9\u062f \u0646\u0642\u0635 \u0647\u0627\u06cc SQLi \u0631\u0627 \u0627\u0632 \u0647\u0645\u0627\u0646 \u0627\u0628\u062a\u062f\u0627 \u062d\u0630\u0641 \u06a9\u0631\u062f\u0647 \u0627\u0633\u062a. \u00ae\n\u26a0\ufe0f\u0628\u06cc\u0627\u0646\u06cc\u0647 \u0633\u0644\u0628 \u0645\u0633\u0626\u0648\u0644\u06cc\u062a\n\ud83c\udfed\u0648\u0628\u0633\u0627\u06cc\u062a \u0648 \u06a9\u0627\u0646\u0627\u0644 \u062a\u062e\u0635\u0635\u06cc \u0627\u0645\u0646\u06cc\u062a \u0632\u06cc\u0631\u0633\u0627\u062e\u062a\u0647\u0627\u06cc \u0627\u062a\u0648\u0645\u0627\u0633\u06cc\u0648\u0646 \u0648 \u06a9\u0646\u062a\u0631\u0644 \u0635\u0646\u0639\u062a\u06cc\n\ud83d\udc6e\ud83c\udffd\u200d\u2640\ufe0f\u0647\u0631\u06af\u0648\u0646\u0647 \u0627\u0646\u062a\u0634\u0627\u0631 \u0648 \u0630\u06a9\u0631 \u0645\u0637\u0627\u0644\u0628 \u0628\u062f\u0648\u0646 \u0630\u06a9\u0631 \u062f\u0642\u06cc\u0642 \u0645\u0646\u0628\u0639 \u0648 \u0622\u062f\u0631\u0633 \u0644\u06cc\u0646\u06a9 \u0622\u0646 \u0645\u0645\u0646\u0648\u0639 \u0627\u0633\u062a. \n\u0627\u062f\u0645\u06cc\u0646:\n\u200fhttps://t.me/pedram_kiani\n\u06a9\u0627\u0646\u0627\u0644 \u062a\u0644\u06af\u0631\u0627\u0645:\nhttps://t.me/ics_cert\n\u06af\u0631\u0648\u0647 \u0648\u0627\u062a\u0633 \u0622\u067e :\nhttps://chat.whatsapp.com/FpB620AWEeSKvd8U6cFh33", "creation_timestamp": "2024-11-30T06:16:53.000000Z"}, {"uuid": "1de9e5fa-225c-452c-b6db-0ea73136b87e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-42327", "type": "published-proof-of-concept", "source": "https://t.me/investigationAnonYmous1/9677", "content": "\u0627\u0633\u062a\u063a\u0644\u0627\u0644 \u062b\u063a\u0631\u0629 Zabbix \u0627\u0644\u062d\u0631\u062c\u0629 \u2013 CVE-2024-42327 (CVSS 9.9)\n\n#SQLi #exploit #Zabbix #cve\n\n\u064a\u0645\u0643\u0646 \u0623\u0646 \u064a\u0633\u0645\u062d \u062d\u0642\u0646 SQL \u0647\u0630\u0627 \u0644\u0644\u0645\u0647\u0627\u062c\u0645\u064a\u0646 \u0628\u062a\u0635\u0639\u064a\u062f \u0627\u0644\u0627\u0645\u062a\u064a\u0627\u0632\u0627\u062a\u060c \u0645\u0645\u0627 \u0642\u062f \u064a\u0639\u0631\u0636 \u0646\u0638\u0627\u0645 \u0627\u0644\u0645\u0631\u0627\u0642\u0628\u0629 \u0644\u0644\u062e\u0637\u0631 \u0648\u064a\u0648\u0641\u0631 \u0627\u0644\u0648\u0635\u0648\u0644 \u0625\u0644\u0649 \u0628\u064a\u0627\u0646\u0627\u062a \u0627\u0644\u0634\u0631\u0643\u0629 \u0627\u0644\u062d\u0633\u0627\u0633\u0629.\n\n\u0631\u0627\u0628\u0637 \u0625\u0644\u0649 \u062c\u064a\u062b\u0628 : investigationAnonYmous", "creation_timestamp": "2025-01-22T15:19:35.000000Z"}, {"uuid": "ad3a3673-1703-46fa-a5d2-4237e4155981", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-42325", "type": "seen", "source": "https://t.me/cvedetector/21845", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-42325 - Zabbix Information Disclosure\", \n  \"Content\": \"CVE ID : CVE-2024-42325 \nPublished : April 2, 2025, 7:15 a.m. | 53\u00a0minutes ago \nDescription : Zabbix API user.get returns all users that share common group with the calling user. This includes media and other information, such as login attempts, etc. \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"02 Apr 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-04-02T10:48:18.000000Z"}, {"uuid": "06b7bee3-a408-4c58-a5cd-a2423b7f39f8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-42327", "type": "seen", "source": "https://t.me/bizone_channel/1610", "content": "\ud83e\udd65 BI.ZONE WAF \u043f\u0440\u0435\u0434\u043e\u0442\u0432\u0440\u0430\u0449\u0430\u0435\u0442 \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u044e \u043a\u0440\u0438\u0442\u0438\u0447\u0435\u0441\u043a\u043e\u0439\u00a0\u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438\u00a0\u0432 Zabbix\n\n27 \u043d\u043e\u044f\u0431\u0440\u044f \u043a\u043e\u043c\u043f\u0430\u043d\u0438\u044f Zabbix \u0441\u043e\u043e\u0431\u0449\u0438\u043b\u0430 \u043e\u0431 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 CVE-2024-42327 \u0432 \u0441\u0432\u043e\u0435\u043c \u0440\u0435\u0448\u0435\u043d\u0438\u0438 \u0434\u043b\u044f \u043c\u043e\u043d\u0438\u0442\u043e\u0440\u0438\u043d\u0433\u0430 IT-\u0438\u043d\u0444\u0440\u0430\u0441\u0442\u0440\u0443\u043a\u0442\u0443\u0440\u044b \u0441 \u043e\u0442\u043a\u0440\u044b\u0442\u044b\u043c \u0438\u0441\u0445\u043e\u0434\u043d\u044b\u043c \u043a\u043e\u0434\u043e\u043c.\u00a0\n\n\u041e\u0448\u0438\u0431\u043a\u0430 \u043e\u0431\u043d\u0430\u0440\u0443\u0436\u0435\u043d\u0430 \u0432 \u043a\u043b\u0430\u0441\u0441\u0435 CUser \u0444\u0443\u043d\u043a\u0446\u0438\u0438 addRelatedObjects, \u043a\u043e\u0442\u043e\u0440\u0430\u044f \u0432\u044b\u0437\u044b\u0432\u0430\u0435\u0442\u0441\u044f \u0438\u0437 \u0444\u0443\u043d\u043a\u0446\u0438\u0438 CUser.get. \u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c\u00a0\u043f\u043e\u043b\u0443\u0447\u0438\u043b\u0430 \u043e\u0446\u0435\u043d\u043a\u0443 9,9\u00a0\u0438\u0437 10 \u0431\u0430\u043b\u043b\u043e\u0432 \u043f\u043e \u0448\u043a\u0430\u043b\u0435 CVSS. \u041e\u043d\u0430 \u0437\u0430\u0442\u0440\u0430\u0433\u0438\u0432\u0430\u0435\u0442 \u0432\u0435\u0440\u0441\u0438\u0438 \u0441\u043e\u0444\u0442\u0430 6.0.0\u20136.0.31, 6.4.0\u20136.4.16 \u0438 7.0.0.\n\n\u0427\u0435\u043c \u043e\u043f\u0430\u0441\u043d\u0430 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c\n\n\u042d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u044f \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u0435\u0442 \u043b\u044e\u0431\u043e\u043c\u0443 \u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u0435\u043b\u044e \u0441 \u0434\u043e\u0441\u0442\u0443\u043f\u043e\u043c \u043a API\u00a0\u043e\u0441\u0443\u0449\u0435\u0441\u0442\u0432\u0438\u0442\u044c SQL-\u0438\u043d\u044a\u0435\u043a\u0446\u0438\u044e \u0438 \u043f\u043e\u0432\u044b\u0441\u0438\u0442\u044c \u043f\u0440\u0438\u0432\u0438\u043b\u0435\u0433\u0438\u0438 \u0432 \u0441\u043a\u043e\u043c\u043f\u0440\u043e\u043c\u0435\u0442\u0438\u0440\u043e\u0432\u0430\u043d\u043d\u043e\u0439 \u0441\u0438\u0441\u0442\u0435\u043c\u0435. \u0422\u0430\u043a\u0438\u043c \u043e\u0431\u0440\u0430\u0437\u043e\u043c, \u0437\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a \u043c\u043e\u0436\u0435\u0442 \u043f\u043e\u043b\u0443\u0447\u0438\u0442\u044c \u0434\u043e\u0441\u0442\u0443\u043f \u043a \u043a\u043e\u043d\u0444\u0438\u0434\u0435\u043d\u0446\u0438\u0430\u043b\u044c\u043d\u043e\u0439 \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u0438, \u0432 \u0442\u043e\u043c \u0447\u0438\u0441\u043b\u0435 \u043f\u0440\u0435\u0434\u0441\u0442\u0430\u0432\u043b\u044f\u044e\u0449\u0435\u0439 \u043a\u043e\u043c\u043c\u0435\u0440\u0447\u0435\u0441\u043a\u0443\u044e \u0442\u0430\u0439\u043d\u0443.\u00a0\n\n\u0415\u0441\u0442\u044c \u043b\u0438 \u043f\u0440\u0438\u043c\u0435\u0440\u044b \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438\n\n\u0414\u0430, \u043d\u043e \u0441\u043f\u0435\u0446\u0438\u0430\u043b\u0438\u0441\u0442\u044b BI.ZONE \u043f\u043e\u043a\u0430 \u043d\u0435 \u0444\u0438\u043a\u0441\u0438\u0440\u0443\u044e\u0442 \u043f\u043e\u043f\u044b\u0442\u043a\u0438 \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u044c CVE-2024-42327 \u0432 \u0434\u0435\u043b\u0435. \u0422\u0435\u043c \u043d\u0435 \u043c\u0435\u043d\u0435\u0435 \u043f\u0440\u0438 \u043d\u0430\u043b\u0438\u0447\u0438\u0438 PoC \u0447\u0438\u0441\u043b\u043e \u0430\u0442\u0430\u043a \u043d\u0430 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0435 \u043f\u0440\u0438\u043b\u043e\u0436\u0435\u043d\u0438\u0435 \u043c\u043e\u0436\u0435\u0442 \u0437\u043d\u0430\u0447\u0438\u0442\u0435\u043b\u044c\u043d\u043e \u0432\u043e\u0437\u0440\u0430\u0441\u0442\u0438.\n\n\u0415\u0441\u0442\u044c \u043b\u0438 \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f\n\n\u0420\u0430\u0437\u0440\u0430\u0431\u043e\u0442\u0447\u0438\u043a\u0438 \u0443\u0441\u0442\u0440\u0430\u043d\u0438\u043b\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0432 \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f\u0445\u00a06.0.32rc1, 6.4.17rc1 \u0438 7.0.1rc1.\n\n\u0422\u0430\u043a\u0436\u0435 \u0432 \u0437\u0430\u0449\u0438\u0442\u0435 \u043e\u0442 \u0430\u0442\u0430\u043a \u0441 \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0435\u0439 CVE-2024-42327 \u00a0\u043f\u043e\u043c\u043e\u0436\u0435\u0442 BI.ZONE WAF. \u0421\u0443\u0449\u0435\u0441\u0442\u0432\u0443\u044e\u0449\u0438\u0435 \u043f\u0440\u0430\u0432\u0438\u043b\u0430 \u0441\u0435\u0440\u0432\u0438\u0441\u0430 \u0434\u0435\u0442\u0435\u043a\u0442\u0438\u0440\u0443\u044e\u0442 \u0438 \u0431\u043b\u043e\u043a\u0438\u0440\u0443\u044e\u0442 \u043f\u043e\u043f\u044b\u0442\u043a\u0438 \u0430\u0442\u0430\u043a \u0438 \u043d\u0435 \u043d\u0430\u0440\u0443\u0448\u0430\u044e\u0442 \u043b\u043e\u0433\u0438\u043a\u0443 \u0440\u0430\u0431\u043e\u0442\u044b \u043f\u0440\u0438\u043b\u043e\u0436\u0435\u043d\u0438\u0439.\u00a0", "creation_timestamp": "2024-12-05T10:01:44.000000Z"}, {"uuid": "87d9348e-bd9f-4a8a-ba7f-4ea551b583c7", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-42327", "type": "seen", "source": "https://t.me/ZeroEthical_Course/2171", "content": "SQL injection Exploit for Critical Zabbix Vulnerability \u2013 CVE-2024-42327 (CVSS 9.9)\n\nThis SQL injection could enable attackers to escalate privileges, potentially compromising the monitoring system and gaining access to sensitive enterprise data.\n\n\ud83d\udd34 Share &amp; Support Us \ud83d\udd34\n\u26a1\ufe0f Channel : @ZeroEthical_Course", "creation_timestamp": "2024-12-04T18:53:23.000000Z"}, {"uuid": "a47eec21-3cb8-40d1-a40d-55df2860dcba", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-42327", "type": "published-proof-of-concept", "source": "https://t.me/ton618cyber/2471", "content": "#exploit\n1. CVE-2024-12425,\nCVE-2024-12426:\nLibreOffice Path Traversal\nhttps://codeanlabs.com/blog/general/exploiting-libreoffice-cve-2024-12425-and-cve-2024-12426\n\n2. CVE-2024-36412:\nUsing XSS filters against XSS filters - Unexpected SQLI/RCE\nhttps://secarius.fr/cves/cve_2024_36412_using_filters_against_filters_unexpected_sql_injection\n\n3. CVE-2024-42327:\nZabbix Privilege Escalation -&gt; RCE\nhttps://github.com/godylockz/CVE-2024-42327", "creation_timestamp": "2025-02-20T05:23:47.000000Z"}, {"uuid": "d77e5a47-a3b1-4988-ae99-90f7d49f2bca", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-42323", "type": "seen", "source": "https://t.me/cvedetector/6141", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-42323 - Apache HertzBeat (incubating) SnakeYaml Deserialization XML Remote Code Execution Vuln\", \n  \"Content\": \"CVE ID : CVE-2024-42323 \nPublished : Sept. 21, 2024, 10:15 a.m. | 35\u00a0minutes ago \nDescription : SnakeYaml Deser Load Malicious xml rce vulnerability in Apache HertzBeat (incubating).\u00a0  \n  \nThis vulnerability can only be exploited by authorized attackers.  \nThis issue affects Apache HertzBeat (incubating): before 1.6.0.  \n  \nUsers are recommended to upgrade to version 1.6.0, which fixes the issue. \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"21 Sep 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-09-21T13:18:31.000000Z"}, {"uuid": "578636ca-ce58-4346-bbcc-ade3b93784fc", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-42327", "type": "published-proof-of-concept", "source": "https://t.me/ZeroEthical_Course/2885", "content": "Explotaci\u00f3n de vulnerabilidad cr\u00edtica de Zabbix \u2013 CVE-2024-42327 (CVSS 9.9)\n\n#SQLi #exploit #Zabbix #cve\n\nEsta inyecci\u00f3n SQL podr\u00eda permitir a los atacantes escalar privilegios, comprometiendo potencialmente el sistema de monitoreo y brindando acceso a datos confidenciales de la empresa.\n\nEnlace a GitHub\n\n\ud83d\udd34 Share &amp; Support Us \ud83d\udd34\n\u26a1\ufe0f Channel : @ZeroEthical_Course", "creation_timestamp": "2025-01-09T16:26:01.000000Z"}, {"uuid": "dcb72e65-76c1-41dd-9cd1-7a3d6697fed9", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-42320", "type": "seen", "source": "https://t.me/cvedetector/3394", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-42320 - Linux Kernel DASD NULL Pointer Dereference Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2024-42320 \nPublished : Aug. 17, 2024, 9:15 a.m. | 42\u00a0minutes ago \nDescription : In the Linux kernel, the following vulnerability has been resolved:  \n  \ns390/dasd: fix error checks in dasd_copy_pair_store()  \n  \ndasd_add_busid() can return an error via ERR_PTR() if an allocation  \nfails. However, two callsites in dasd_copy_pair_store() do not check  \nthe result, potentially resulting in a NULL pointer dereference. Fix  \nthis by checking the result with IS_ERR() and returning the error up  \nthe stack. \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"17 Aug 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-08-17T12:17:54.000000Z"}, {"uuid": "af619d59-7480-4ea8-b1fa-ac94a063c9a2", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-42321", "type": "seen", "source": "https://t.me/cvedetector/3393", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-42321 - Linux Kernel NetFlow Dissector Use After Free Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2024-42321 \nPublished : Aug. 17, 2024, 9:15 a.m. | 42\u00a0minutes ago \nDescription : In the Linux kernel, the following vulnerability has been resolved:  \n  \nnet: flow_dissector: use DEBUG_NET_WARN_ON_ONCE  \n  \nThe following splat is easy to reproduce upstream as well as in -stable  \nkernels. Florian Westphal provided the following commit:  \n  \n  d1dab4f71d37 (\"net: add and use __skb_get_hash_symmetric_net\")  \n  \nbut this complementary fix has been also suggested by Willem de Bruijn  \nand it can be easily backported to -stable kernel which consists in  \nusing DEBUG_NET_WARN_ON_ONCE instead to silence the following splat  \ngiven __skb_get_hash() is used by the nftables tracing infrastructure to  \nto identify packets in traces.  \n  \n[69133.561393] ------------[ cut here ]------------  \n[69133.561404] WARNING: CPU: 0 PID: 43576 at net/core/flow_dissector.c:1104 __skb_flow_dissect+0x134f/  \n[...]  \n[69133.561944] CPU: 0 PID: 43576 Comm: socat Not tainted 6.10.0-rc7+ #379  \n[69133.561959] RIP: 0010:__skb_flow_dissect+0x134f/0x2ad0  \n[69133.561970] Code: 83 f9 04 0f 84 b3 00 00 00 45 85 c9 0f 84 aa 00 00 00 41 83 f9 02 0f 84 81 fc ff  \nff 44 0f b7 b4 24 80 00 00 00 e9 8b f9 ff ff  0b e9 20 f3 ff ff 41 f6 c6 20 0f 84 e4 ef ff ff 48 8d 7b 12 e8  \n[69133.561979] RSP: 0018:ffffc90000006fc0 EFLAGS: 00010246  \n[69133.561988] RAX: 0000000000000000 RBX: ffffffff82f33e20 RCX: ffffffff81ab7e19  \n[69133.561994] RDX: dffffc0000000000 RSI: ffffc90000007388 RDI: ffff888103a1b418  \n[69133.562001] RBP: ffffc90000007310 R08: 0000000000000000 R09: 0000000000000000  \n[69133.562007] R10: ffffc90000007388 R11: ffffffff810cface R12: ffff888103a1b400  \n[69133.562013] R13: 0000000000000000 R14: ffffffff82f33e2a R15: ffffffff82f33e28  \n[69133.562020] FS:  00007f40f7131740(0000) GS:ffff888390800000(0000) knlGS:0000000000000000  \n[69133.562027] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033  \n[69133.562033] CR2: 00007f40f7346ee0 CR3: 000000015d200001 CR4: 00000000001706f0  \n[69133.562040] Call Trace:  \n[69133.562044]    \n[69133.562049]  ? __warn+0x9f/0x1a0  \n[ 1211.841384]  ? __skb_flow_dissect+0x107e/0x2860  \n[...]  \n[ 1211.841496]  ? bpf_flow_dissect+0x160/0x160  \n[ 1211.841753]  __skb_get_hash+0x97/0x280  \n[ 1211.841765]  ? __skb_get_hash_symmetric+0x230/0x230  \n[ 1211.841776]  ? mod_find+0xbf/0xe0  \n[ 1211.841786]  ? get_stack_info_noinstr+0x12/0xe0  \n[ 1211.841798]  ? bpf_ksym_find+0x56/0xe0  \n[ 1211.841807]  ? __rcu_read_unlock+0x2a/0x70  \n[ 1211.841819]  nft_trace_init+0x1b9/0x1c0 [nf_tables]  \n[ 1211.841895]  ? nft_trace_notify+0x830/0x830 [nf_tables]  \n[ 1211.841964]  ? get_stack_info+0x2b/0x80  \n[ 1211.841975]  ? nft_do_chain_arp+0x80/0x80 [nf_tables]  \n[ 1211.842044]  nft_do_chain+0x79c/0x850 [nf_tables] \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"17 Aug 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-08-17T12:17:53.000000Z"}, {"uuid": "c252fdba-4715-4fa2-b49a-4feba9ef38f5", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-42322", "type": "seen", "source": "https://t.me/cvedetector/3390", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-42322 - Linux kernel ipvs Dereference Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2024-42322 \nPublished : Aug. 17, 2024, 9:15 a.m. | 42\u00a0minutes ago \nDescription : In the Linux kernel, the following vulnerability has been resolved:  \n  \nipvs: properly dereference pe in ip_vs_add_service  \n  \nUse pe directly to resolve sparse warning:  \n  \n  net/netfilter/ipvs/ip_vs_ctl.c:1471:27: warning: dereference of noderef expression \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"17 Aug 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-08-17T12:17:50.000000Z"}, {"uuid": "727f4ec7-fa6e-4850-b822-2333f5826fe6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-42327", "type": "published-proof-of-concept", "source": "https://t.me/ton618cyber/6704", "content": "#exploit\n1. CVE-2024-12425,\nCVE-2024-12426:\nLibreOffice Path Traversal\nhttps://codeanlabs.com/blog/general/exploiting-libreoffice-cve-2024-12425-and-cve-2024-12426\n\n2. CVE-2024-36412:\nUsing XSS filters against XSS filters - Unexpected SQLI/RCE\nhttps://secarius.fr/cves/cve_2024_36412_using_filters_against_filters_unexpected_sql_injection\n\n3. CVE-2024-42327:\nZabbix Privilege Escalation -&gt; RCE\nhttps://github.com/godylockz/CVE-2024-42327", "creation_timestamp": "2025-02-20T05:23:47.000000Z"}, {"uuid": "71bd3d8a-372c-40d4-8d8f-644081a395bd", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-42327", "type": "published-proof-of-concept", "source": "Telegram/0rFRAJcA5i48jej77e--egtzEGGre7b2FGeMxEjvhXOFlJE", "content": "", "creation_timestamp": "2025-02-16T16:00:16.000000Z"}, {"uuid": "e0d518e1-bffc-4e68-987f-306bb8333ce7", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-42327", "type": "published-proof-of-concept", "source": "https://t.me/haj3imad/20929", "content": "https://github.com/compr00t/CVE-2024-42327\n\nPoC for CVE-2024-42327 / ZBX-25623\n#github #exploit #poc", "creation_timestamp": "2024-12-05T03:44:01.000000Z"}, {"uuid": "9fc29b88-69fa-4dc9-99e0-dfda5cd72169", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-42327", "type": "published-proof-of-concept", "source": "https://t.me/softrinx/159733", "content": "CVE-2024-42327 / ZBX-25623\n*\nzabbix SQLi\n*\nPOC", "creation_timestamp": "2024-12-04T10:43:25.000000Z"}, {"uuid": "e8d04105-1f56-4dd1-8485-582913d5e5b9", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-42327", "type": "published-proof-of-concept", "source": "Telegram/oYmpRnsP0n5l9UoNVnmi0Tqagk8hdqptE5SM8rliaeN2ddE", "content": "", "creation_timestamp": "2025-04-19T13:00:06.000000Z"}, {"uuid": "35d02def-d006-45f3-9ef7-7eb8dc47134b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-42327", "type": "published-proof-of-concept", "source": "Telegram/cFDIr9N6sAkWZhwxw-_ECaT3TnOsVF3ZAMr3hMtqAqO8clo", "content": "", "creation_timestamp": "2025-04-19T11:00:06.000000Z"}, {"uuid": "a4dc1527-84e4-4406-9e42-c08eae13d8e4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-42327", "type": "published-proof-of-concept", "source": "https://t.me/ashaburroyah313/1002", "content": "CVE-2024-42327 (CVSS 9.9): Critical SQL Injection Vulnerability Found in Zabbix \u2013 Cyber Security News Aggregator\nhttps://www.hendryadrian.com/cve-2024-42327-cvss-9-9-critical-sql-injection-vulnerability-found-in-zabbix/", "creation_timestamp": "2024-12-02T07:46:15.000000Z"}, {"uuid": "c402fa97-107e-46f5-aa66-dc8d9c0902c0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-42327", "type": "seen", "source": "https://t.me/proxy_bar/2404", "content": "CVE-2024-42327 / ZBX-25623\n*\nzabbix SQLi\n*\nPOC", "creation_timestamp": "2024-12-04T09:29:15.000000Z"}, {"uuid": "a70af836-2185-415b-8f33-2a50ab4fc961", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-42327", "type": "published-proof-of-concept", "source": "https://t.me/MrVGunz/1271", "content": "\u0628\u0647\u0631\u0647 \u0628\u0631\u062f\u0627\u0631\u06cc \u062a\u0632\u0631\u06cc\u0642 SQL \u0628\u0631\u0627\u06cc \u0622\u0633\u06cc\u0628 \u067e\u0630\u06cc\u0631\u06cc \u0628\u062d\u0631\u0627\u0646\u06cc Zabbix - CVE-2024-42327 (CVSS 9.9)\n\n \u0627\u06cc\u0646 \u062a\u0632\u0631\u06cc\u0642 SQL \u0645\u06cc \u062a\u0648\u0627\u0646\u062f \u0645\u0647\u0627\u062c\u0645\u0627\u0646 \u0631\u0627 \u0642\u0627\u062f\u0631 \u0628\u0647 \u0627\u0641\u0632\u0627\u06cc\u0634 \u0627\u0645\u062a\u06cc\u0627\u0632\u0627\u062a\u060c \u0628\u0647 \u0637\u0648\u0631 \u0628\u0627\u0644\u0642\u0648\u0647 \u0628\u0647 \u062e\u0637\u0631 \u0627\u0646\u062f\u0627\u062e\u062a\u0646 \u0633\u06cc\u0633\u062a\u0645 \u0646\u0638\u0627\u0631\u062a \u0648 \u062f\u0633\u062a\u0631\u0633\u06cc \u0628\u0647 \u062f\u0627\u062f\u0647 \u0647\u0627\u06cc \u062d\u0633\u0627\u0633 \u0633\u0627\u0632\u0645\u0627\u0646\u06cc \u06a9\u0646\u062f.\n\n\u0644\u06cc\u0646\u06a9: https://github.com/aramosf/cve-2024-42327\n\nSQL injection Exploit for Critical Zabbix Vulnerability \u2013 CVE-2024-42327 (CVSS 9.9)\n\nThis SQL injection could enable attackers to escalate privileges, potentially compromising the monitoring system and gaining access to sensitive enterprise data.\n\nLink: https://github.com/aramosf/cve-2024-42327", "creation_timestamp": "2024-12-05T10:25:28.000000Z"}, {"uuid": "8fe318b3-d9a6-4ddd-9745-c11da57e90d5", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-42327", "type": "seen", "source": "https://t.me/softrinx/705", "content": "CVE-2024-42327 / ZBX-25623\n*\nzabbix SQLi\n*\nPOC", "creation_timestamp": "2024-12-04T10:43:25.000000Z"}, {"uuid": "d9e8119c-0cbc-4eb4-84fb-3406325e9d65", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-42327", "type": "published-proof-of-concept", "source": "https://t.me/cybersecs/3342", "content": "SQL injection in user.get API (CVE-2024-42327)\n\nA non-admin user account on the Zabbix frontend with the default User role, or with any other role that gives API access can exploit this vulnerability. \n\n\nAffected version:\n\n6.0.0 - 6.0.31\n6.4.0 - 6.4.16\n7.0.0\n\nhttps://support.zabbix.com/browse/ZBX-25623\n\nUPD:\nhttps://github.com/compr00t/CVE-2024-42327/\n\nThank to: @resource_not_found", "creation_timestamp": "2024-12-06T11:58:43.000000Z"}, {"uuid": "b07f7fce-b7c8-4fcf-8e7a-c96abcaf0d3d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-42327", "type": "seen", "source": "https://t.me/true_secator/6498", "content": "Zabbix \u043f\u0440\u0435\u0434\u0443\u043f\u0440\u0435\u0436\u0434\u0430\u0435\u0442 \u043e\u0431 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u043a\u0440\u0438\u0442\u0438\u0447\u0435\u0441\u043a\u043e\u0439 \u0441\u0442\u0435\u043f\u0435\u043d\u0438 \u0441\u0435\u0440\u044c\u0435\u0437\u043d\u043e\u0441\u0442\u0438 \u0432 \u0441\u0432\u043e\u0435\u043c \u0440\u0435\u0448\u0435\u043d\u0438\u0438 \u0441 \u043e\u0442\u043a\u0440\u044b\u0442\u044b\u043c \u0438\u0441\u0445\u043e\u0434\u043d\u044b\u043c \u043a\u043e\u0434\u043e\u043c \u0434\u043b\u044f \u043c\u043e\u043d\u0438\u0442\u043e\u0440\u0438\u043d\u0433\u0430 \u043a\u043e\u0440\u043f\u043e\u0440\u0430\u0442\u0438\u0432\u043d\u044b\u0445 \u0441\u0435\u0442\u0435\u0439, \u043a\u043e\u0442\u043e\u0440\u0430\u044f \u043c\u043e\u0436\u0435\u0442 \u043f\u043e\u0437\u0432\u043e\u043b\u0438\u0442\u044c \u0437\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a\u0430\u043c \u0432\u043d\u0435\u0434\u0440\u044f\u0442\u044c \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u043b\u044c\u043d\u044b\u0435 SQL-\u0437\u0430\u043f\u0440\u043e\u0441\u044b \u0438 \u0441\u043a\u043e\u043c\u043f\u0440\u043e\u043c\u0435\u0442\u0438\u0440\u043e\u0432\u0430\u0442\u044c \u0434\u0430\u043d\u043d\u044b\u0435 \u0438\u043b\u0438 \u0441\u0438\u0441\u0442\u0435\u043c\u0443.\n\nCVE-2024-42327 \u0438\u043c\u0435\u0435\u0442 \u043e\u0446\u0435\u043d\u043a\u0443 CVSS 9,9 \u0438 \u0441\u0443\u0449\u0435\u0441\u0442\u0432\u0443\u0435\u0442 \u0432 \u043a\u043b\u0430\u0441\u0441\u0435 CUser \u0432 \u0444\u0443\u043d\u043a\u0446\u0438\u0438 addRelatedObjects, \u043a\u043e\u0442\u043e\u0440\u0430\u044f \u0432\u044b\u0437\u044b\u0432\u0430\u0435\u0442\u0441\u044f \u0438\u0437 \u0444\u0443\u043d\u043a\u0446\u0438\u0438 CUser.get \u0438 \u0434\u043e\u0441\u0442\u0443\u043f\u043d\u0430 \u043a\u0430\u0436\u0434\u043e\u043c\u0443 \u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u0435\u043b\u044e, \u0438\u043c\u0435\u044e\u0449\u0435\u043c\u0443 \u0434\u043e\u0441\u0442\u0443\u043f \u043a API.\n\n\u0423\u0447\u0435\u0442\u043d\u0430\u044f \u0437\u0430\u043f\u0438\u0441\u044c \u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u0435\u043b\u044f \u0431\u0435\u0437 \u043f\u0440\u0430\u0432 \u0430\u0434\u043c\u0438\u043d\u0438\u0441\u0442\u0440\u0430\u0442\u043e\u0440\u0430 \u043d\u0430 \u0438\u043d\u0442\u0435\u0440\u0444\u0435\u0439\u0441\u0435 Zabbix \u0441 \u0440\u043e\u043b\u044c\u044e \u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u0435\u043b\u044f \u043f\u043e \u0443\u043c\u043e\u043b\u0447\u0430\u043d\u0438\u044e \u0438\u043b\u0438 \u0441 \u043b\u044e\u0431\u043e\u0439 \u0434\u0440\u0443\u0433\u043e\u0439 \u0440\u043e\u043b\u044c\u044e, \u043f\u0440\u0435\u0434\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u044e\u0449\u0435\u0439 \u0434\u043e\u0441\u0442\u0443\u043f \u043a API, \u043c\u043e\u0436\u0435\u0442 \u0431\u044b\u0442\u044c \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0430 \u0434\u043b\u044f \u0440\u0435\u0430\u043b\u0438\u0437\u0430\u0446\u0438\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438.\n\n\u0418\u0441\u0441\u043b\u0435\u0434\u043e\u0432\u0430\u0442\u0435\u043b\u0438 Qualys \u0442\u0430\u043a\u0436\u0435 \u043e\u0442\u043c\u0435\u0447\u0430\u044e\u0442, \u0447\u0442\u043e \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u044f \u043c\u043e\u0436\u0435\u0442 \u043f\u043e\u0437\u0432\u043e\u043b\u0438\u0442\u044c \u0437\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a\u0430\u043c \u043f\u043e\u0432\u044b\u0441\u0438\u0442\u044c \u043f\u0440\u0438\u0432\u0438\u043b\u0435\u0433\u0438\u0438 \u0438 \u043f\u043e\u043b\u0443\u0447\u0438\u0442\u044c \u043f\u043e\u043b\u043d\u044b\u0439 \u043a\u043e\u043d\u0442\u0440\u043e\u043b\u044c \u043d\u0430\u0434 \u0443\u044f\u0437\u0432\u0438\u043c\u044b\u043c\u0438 \u0441\u0435\u0440\u0432\u0435\u0440\u0430\u043c\u0438 Zabbix \u0438\u0437 83 000, \u043e\u0442\u043a\u0440\u044b\u0442\u044b\u0445 \u0434\u043b\u044f \u0434\u043e\u0441\u0442\u0443\u043f\u0430 \u0432 \u0441\u0435\u0442\u0438 \u0418\u043d\u0442\u0435\u0440\u043d\u0435\u0442.\n\n\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0437\u0430\u0442\u0440\u0430\u0433\u0438\u0432\u0430\u0435\u0442 \u0432\u0435\u0440\u0441\u0438\u0438 Zabbix 6.0.0\u20136.0.31, 6.4.0\u20136.4.16 \u0438 7.0.0, \u0438\u0441\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0438\u044f \u0434\u043b\u044f \u044d\u0442\u043e\u0439 \u043f\u0440\u043e\u0431\u043b\u0435\u043c\u044b \u0431\u044b\u043b\u0438 \u0432\u043a\u043b\u044e\u0447\u0435\u043d\u044b \u0432 \u0432\u0435\u0440\u0441\u0438\u0438 6.0.32rc1, 6.4.17rc1 \u0438 7.0.1rc1, \u0432\u044b\u043f\u0443\u0449\u0435\u043d\u043d\u044b\u0435 \u0432 \u0438\u044e\u043b\u0435.\n\n\u0412 \u0438\u0441\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u043d\u044b\u0445 \u0432\u0435\u0440\u0441\u0438\u044f\u0445 \u0442\u0430\u043a\u0436\u0435 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0430 CVE-2024-36466 (CVSS 8,8) - \u043f\u0440\u043e\u0431\u043b\u0435\u043c\u0430 \u043e\u0431\u0445\u043e\u0434\u0430 \u0430\u0443\u0442\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0446\u0438\u0438, \u043a\u043e\u0442\u043e\u0440\u0430\u044f \u043c\u043e\u0436\u0435\u0442 \u043f\u043e\u0437\u0432\u043e\u043b\u0438\u0442\u044c \u0437\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a\u0443 \u043f\u043e\u0434\u043f\u0438\u0441\u0430\u0442\u044c \u043f\u043e\u0434\u0434\u0435\u043b\u044c\u043d\u044b\u0439 \u0444\u0430\u0439\u043b cookie zbx_session \u0438 \u0432\u043e\u0439\u0442\u0438 \u0432 \u0441\u0438\u0441\u0442\u0435\u043c\u0443 \u0441 \u043f\u0440\u0430\u0432\u0430\u043c\u0438 \u0430\u0434\u043c\u0438\u043d\u0438\u0441\u0442\u0440\u0430\u0442\u043e\u0440\u0430.\n\nZabbix \u0432\u0435\u0440\u0441\u0438\u0438 7.0.1rc1 \u0442\u0430\u043a\u0436\u0435 \u0437\u0430\u043a\u0440\u044b\u0432\u0430\u0435\u0442 CVE-2024-36462 - \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043d\u0435\u043a\u043e\u043d\u0442\u0440\u043e\u043b\u0438\u0440\u0443\u0435\u043c\u043e\u0433\u043e \u043f\u043e\u0442\u0440\u0435\u0431\u043b\u0435\u043d\u0438\u044f \u0440\u0435\u0441\u0443\u0440\u0441\u043e\u0432, \u043a\u043e\u0442\u043e\u0440\u0430\u044f \u043c\u043e\u0436\u0435\u0442 \u043f\u043e\u0437\u0432\u043e\u043b\u0438\u0442\u044c \u0437\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a\u0443 \u0432\u044b\u0437\u0432\u0430\u0442\u044c \u0441\u043e\u0441\u0442\u043e\u044f\u043d\u0438\u0435 DoS.\n\n\u041a\u043e\u043c\u043f\u0430\u043d\u0438\u044f \u043d\u0435 \u0443\u043f\u043e\u043c\u0438\u043d\u0430\u0435\u0442 \u043e \u0442\u043e\u043c, \u0447\u0442\u043e \u043a\u0430\u043a\u0438\u0435-\u043b\u0438\u0431\u043e \u0438\u0437 \u044d\u0442\u0438\u0445 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0435\u0439 \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0438\u0440\u0443\u044e\u0442\u0441\u044f \u0432 \u0434\u0438\u043a\u043e\u0439 \u043f\u0440\u0438\u0440\u043e\u0434\u0435.\n\n\u0422\u0435\u043c \u043d\u0435 \u043c\u0435\u043d\u0435\u0435, \u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u0435\u043b\u044f\u043c \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0443\u0435\u0442\u0441\u044f \u043e\u0431\u043d\u043e\u0432\u0438\u0442\u044c \u0441\u0432\u043e\u0438 \u0443\u0441\u0442\u0430\u043d\u043e\u0432\u043a\u0438 \u0434\u043e \u0438\u0441\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u043d\u043e\u0439 \u0432\u0435\u0440\u0441\u0438\u0438 \u043a\u0430\u043a \u043c\u043e\u0436\u043d\u043e \u0441\u043a\u043e\u0440\u0435\u0435.", "creation_timestamp": "2024-12-02T19:00:06.000000Z"}, {"uuid": "c4ee4c74-2df6-4bc6-98c4-2c1dc7b18297", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-42327", "type": "published-proof-of-concept", "source": "https://t.me/haj3imad/910", "content": "https://github.com/godylockz/CVE-2024-42327/blob/main/zabbix_privesc.py\n\nCVE-2024-42327: Zabbix Privilege Escalation -&gt; RCE\n#github #exploit", "creation_timestamp": "2025-02-19T05:21:06.000000Z"}, {"uuid": "4868c36b-e7cb-4c18-9e9f-8c424650b8c8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-42327", "type": "published-proof-of-concept", "source": "https://t.me/haccking/11559", "content": "\u042d\u043a\u0441\u043f\u043b\u043e\u0439\u0442 \u0434\u043b\u044f \u043a\u0440\u0438\u0442\u0438\u0447\u0435\u0441\u043a\u043e\u0439 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 Zabbix \u2013 CVE-2024-42327 (CVSS 9.9)\n\n#SQLi #exploit #Zabbix #cve\n\n\u042d\u0442\u0430 SQL-\u0438\u043d\u044a\u0435\u043a\u0446\u0438\u044f \u043c\u043e\u0436\u0435\u0442 \u043f\u043e\u0437\u0432\u043e\u043b\u0438\u0442\u044c \u0437\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a\u0430\u043c \u043f\u043e\u0432\u044b\u0441\u0438\u0442\u044c \u043f\u0440\u0438\u0432\u0438\u043b\u0435\u0433\u0438\u0438, \u0447\u0442\u043e \u043f\u043e\u0442\u0435\u043d\u0446\u0438\u0430\u043b\u044c\u043d\u043e \u043a\u043e\u043c\u043f\u0440\u043e\u043c\u0435\u0442\u0438\u0440\u0443\u0435\u0442 \u0441\u0438\u0441\u0442\u0435\u043c\u0443 \u043c\u043e\u043d\u0438\u0442\u043e\u0440\u0438\u043d\u0433\u0430 \u0438 \u043f\u0440\u0435\u0434\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 \u0434\u043e\u0441\u0442\u0443\u043f \u043a \u043a\u043e\u043d\u0444\u0438\u0434\u0435\u043d\u0446\u0438\u0430\u043b\u044c\u043d\u044b\u043c \u0434\u0430\u043d\u043d\u044b\u043c \u043a\u043e\u043c\u043f\u0430\u043d\u0438\u0438.\n\n\u0421\u0441\u044b\u043b\u043a\u0430 \u043d\u0430 GitHub\n\nLH | \u041d\u043e\u0432\u043e\u0441\u0442\u0438 | \u041a\u0443\u0440\u0441\u044b | OSINT", "creation_timestamp": "2025-01-06T09:14:01.000000Z"}, {"uuid": "1ab4fd99-6025-418a-852a-35ed70d99b19", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-42327", "type": "seen", "source": "Telegram/-u2oTQlNmn4NovFRT2XG2JbENxmq16D6_tu9Ssxg0PV0jvg", "content": "", "creation_timestamp": "2024-12-03T03:03:50.000000Z"}, {"uuid": "3c883d08-1998-4f0d-8998-6d528c5150f2", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-42327", "type": "published-proof-of-concept", "source": "https://t.me/CyberSecurityTechnologies/11819", "content": "#exploit\n1. CVE-2024-12425,\nCVE-2024-12426:\nLibreOffice Path Traversal\nhttps://codeanlabs.com/blog/general/exploiting-libreoffice-cve-2024-12425-and-cve-2024-12426\n\n2. CVE-2024-36412:\nUsing XSS filters against XSS filters - Unexpected SQLI/RCE\nhttps://secarius.fr/cves/cve_2024_36412_using_filters_against_filters_unexpected_sql_injection\n\n3. CVE-2024-42327:\nZabbix Privilege Escalation -&gt; RCE\nhttps://github.com/godylockz/CVE-2024-42327", "creation_timestamp": "2025-02-17T01:32:28.000000Z"}]}