CVE-2024-22120

Published May 17, 2024

Last updated 6 months ago

CVSS critical 9.1

Overview

Description: Zabbix server can perform command execution for configured scripts. After command is executed, audit entry is added to "Audit Log". Due to "clientip" field is not sanitized, it is possible to injection SQL into "clientip" and exploit time based blind SQL injection.
Source: security@zabbix.com
NVD status: Analyzed
Products: zabbix

Risk scores

CVSS 3.1

Type: Primary
Base score: 8.8
Impact score: 5.9
Exploitability score: 2.8
Vector string: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Severity: HIGH

Weaknesses

security@zabbix.com: CWE-20

Hype score: Not currently trending

بفضل الله سبحانه وتعالى♥️ Identified a time-based blind SQLi in Zabbix (CVE-2024-22120) allowing privilege escalation from low-priv user to admin via audit log injection Improper sanitization→ DB extraction → session forgery→ potential RCE Thread
@wadgamaraldeen
12 Feb 2026
2114 Impressions
1 Retweet
54 Likes
20 Bookmarks
4 Replies
0 Quotes

Configurations

[
  {
    "nodes": [
      {
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:zabbix:zabbix:*:*:*:*:*:*:*:*",
            "matchCriteriaId": "D724C8AD-C793-4602-8B1B-33B54A0A847A",
            "versionEndExcluding": "6.0.28",
            "versionStartIncluding": "6.0.0",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:a:zabbix:zabbix:*:*:*:*:*:*:*:*",
            "matchCriteriaId": "8507A896-08E2-4A4F-B499-66BDA79CAA32",
            "versionEndExcluding": "6.4.13",
            "versionStartIncluding": "6.4.0",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:a:zabbix:zabbix:7.0.0:alpha1:*:*:*:*:*:*",
            "matchCriteriaId": "93EB5757-7F98-4428-9616-C30A647A6612",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:a:zabbix:zabbix:7.0.0:alpha2:*:*:*:*:*:*",
            "matchCriteriaId": "DA00BDB5-433F-44E5-87AC-DA01C64B5DB3",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:a:zabbix:zabbix:7.0.0:alpha3:*:*:*:*:*:*",
            "matchCriteriaId": "98C46C92-9D86-45CD-88FE-DFBB5502BB88",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:a:zabbix:zabbix:7.0.0:alpha4:*:*:*:*:*:*",
            "matchCriteriaId": "B568E6DD-A6D1-4402-BB40-7DA2596A5BC8",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:a:zabbix:zabbix:7.0.0:alpha5:*:*:*:*:*:*",
            "matchCriteriaId": "B9C3673B-8459-4C63-8E90-724D1D42A8BB",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:a:zabbix:zabbix:7.0.0:alpha6:*:*:*:*:*:*",
            "matchCriteriaId": "7C9F6957-7526-4852-A579-DE556DBFAA97",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:a:zabbix:zabbix:7.0.0:alpha7:*:*:*:*:*:*",
            "matchCriteriaId": "81A7A191-93DE-4C5D-963E-E8890FF7AACA",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:a:zabbix:zabbix:7.0.0:alpha8:*:*:*:*:*:*",
            "matchCriteriaId": "AEE202D5-3C88-43A5-9328-FC78D0B9B8CF",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:a:zabbix:zabbix:7.0.0:alpha9:*:*:*:*:*:*",
            "matchCriteriaId": "F88BFB75-7951-47D5-941F-3839E9E31FFA",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:a:zabbix:zabbix:7.0.0:beta1:*:*:*:*:*:*",
            "matchCriteriaId": "8216247E-C160-4D2C-906E-9D8CD731B5C2",
            "vulnerable": true
          }
        ],
        "negate": false,
        "operator": "OR"
      }
    ]
  }
]

References

Sources include official advisories and independent security research.

Overview

Risk scores

CVSS 3.1

Weaknesses

Social media

Configurations

Related CVEs

References