CVE-2024-22120

CRITICAL EXPLOITED NUCLEI

Zabbix Server - Command Injection

Title source: llm

Description

Zabbix server can perform command execution for configured scripts. After command is executed, audit entry is added to "Audit Log". Due to "clientip" field is not sanitized, it is possible to injection SQL into "clientip" and exploit time based blind SQL injection.

Exploits (4)

nomisec WORKING POC 129 stars

by W01fh4cker · remote

https://github.com/W01fh4cker/CVE-2024-22120-RCE

View Code ZIP pw:eip

github WRITEUP 7 stars

by cybersecplayground · poc

https://github.com/cybersecplayground/PoC-and-CVE-Reports/tree/main/2024/CVE-2024-22120.md

View Code ZIP pw:eip

nomisec WORKING POC 3 stars

by g4nkd · remote-auth

https://github.com/g4nkd/CVE-2024-22120-RCE-with-gopher

View Code ZIP pw:eip

nomisec WORKING POC 3 stars

by isPique · remote-auth

https://github.com/isPique/CVE-2024-22120-RCE-with-gopher

View Code ZIP pw:eip

Nuclei Templates (1)

Zabbix Server - Time-Based Blind SQL injection

CRITICALby CodeStuffBreakThings

Shodan: http.title:"zabbix-server" || cpe:"cpe:2.3:a:zabbix:zabbix" || http.favicon.hash:"892542951"

FOFA: icon_hash=892542951 || app="zabbix-监控系统" && body="saml" || title="zabbix-server"

References (1)

[Exploit, Vendor Advisory] https://support.zabbix.com/browse/ZBX-24505

Scores

CVSS v3 9.1

EPSS 0.9212

EPSS Percentile 99.7%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H

Details

VulnCheck KEV 2025-03-19

CWE

CWE-20

Status published

Products (2)

zabbix/zabbix 7.0.0 alpha1 (10 CPE variants)

zabbix/zabbix 6.0.0 - 6.0.28

Published May 17, 2024

Tracked Since Feb 18, 2026