PT-2024-3624 · Zabbix · Zabbix Server

Maris Melnikovs · Published 2024-05-17 · Updated 2026-02-13 · CVE-2024-22120

CVSS v3.1: 9.1 (Critical)
Vector: AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions: Zabbix server versions 6.0.0 through 6.0.27; Zabbix server versions 6.4.0 through 6.4.12; Zabbix server versions 7.0.0alpha1 through 7.0.0beta1.
Description: The Zabbix server is vulnerable to a time-based SQL injection because the "clientip" field is not sanitized before it is used in a query. An attacker can inject SQL through this field; the attack can lead to privilege escalation from user to admin and, in some cases, remote code execution. The vulnerability is related to the execution of configured scripts and the addition of audit entries to the "Audit Log".
Recommendations: For Zabbix server versions 6.0.0 through 6.0.27, update to version 6.0.28rc1 or later. For Zabbix server versions 6.4.0 through 6.4.12, update to version 6.4.13rc1 or later. For Zabbix server versions 7.0.0alpha1 through 7.0.0beta1, update to version 7.0.0beta2 or later. As a temporary workaround, consider disabling the execution of configured scripts until the update can be applied. Restrict access to the "Audit Log" to minimize the risk of exploitation. Avoid using the "clientip" field in the affected API endpoint until the issue is resolved.
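A small checker for the affected ranges above, added here as an example and not part of the advisory or of Zabbix itself: it parses Zabbix version strings including alpha/beta/rc pre-release suffixes (ordering assumed alpha < beta < rc < final) and reports whether a given server version falls inside one of the listed ranges and which release first fixes it. Branches the advisory does not list are reported as not affected.

```python
import re

# Affected ranges copied from the advisory: (first affected, last affected, first fixed).
AFFECTED_RANGES = [
    ("6.0.0", "6.0.27", "6.0.28rc1"),
    ("6.4.0", "6.4.12", "6.4.13rc1"),
    ("7.0.0alpha1", "7.0.0beta1", "7.0.0beta2"),
]

# major.minor.patch with an optional pre-release stage, e.g. "7.0.0beta1".
_VERSION_RE = re.compile(r"^(\d+)\.(\d+)\.(\d+)(?:(alpha|beta|rc)(\d+))?$")

# Pre-release stages sort before the final release of the same number
# (assumed ordering: alpha < beta < rc < final).
_STAGE_RANK = {"alpha": 0, "beta": 1, "rc": 2, None: 3}


def parse_version(text):
    """Turn a Zabbix version string into a comparable tuple."""
    m = _VERSION_RE.match(text.strip())
    if not m:
        raise ValueError(f"unrecognised Zabbix version: {text!r}")
    major, minor, patch, stage, n = m.groups()
    return (int(major), int(minor), int(patch), _STAGE_RANK[stage], int(n) if n else 0)


def fixed_version_for(version):
    """Return the first fixed release for an affected version, or None if the
    version lies outside every range the advisory lists."""
    v = parse_version(version)
    for first, last, fixed in AFFECTED_RANGES:
        if parse_version(first) <= v <= parse_version(last):
            return fixed
    return None


def is_affected(version):
    return fixed_version_for(version) is not None


if __name__ == "__main__":
    # Constructed sample inventory, not real hosts.
    for host, ver in [("mon-a", "6.0.27"), ("mon-b", "6.4.13rc1"), ("lab", "7.0.0beta1")]:
        fix = fixed_version_for(ver)
        print(f"{host}: {ver} -> {'update to ' + fix if fix else 'not in an affected range'}")
```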

Tags: Exploit · Fix · RCE

Weakness Enumeration

Related Identifiers

ALT-PU-2024-11571
ALT-PU-2024-11575
ALT-PU-2024-12059
ALT-PU-2024-15832
BDU:2024-03942
CVE-2024-22120

Affected Products

Alt Linux
Astra Linux
Debian
Red Os
Zabbix Server