vulnerability

Alpine Linux: CVE-2024-42327: SQL Injection

Try Surface Command

Back to search

Severity	CVSS	Published	Added	Modified
9	(AV:N/AC:L/Au:S/C:C/I:C/A:C)	Nov 27, 2024	Aug 8, 2025	Dec 5, 2025

Severity

CVSS

(AV:N/AC:L/Au:S/C:C/I:C/A:C)

Published

Nov 27, 2024

Added

Aug 8, 2025

Modified

Dec 5, 2025

Description

A non-admin user account on the Zabbix frontend with the default User role, or with any other role that gives API access can exploit this vulnerability. An SQLi exists in the CUser class in the addRelatedObjects function, this function is being called from the CUser.get function which is available for every user who has API access.

Solution

alpine-linux-upgrade-zabbix

References

CVE-2024-42327
https://attackerkb.com/topics/CVE-2024-42327
URL-https://security.alpinelinux.org/vuln/CVE-2024-42327
CWE-89

NEW

Explore Exposure Command

Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.

Try it today