CVE-2024-45699

MEDIUM

Zabbix 6.0.0-6.0.36 - Cross-Site Scripting via backurl Parameter

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2024-45699. PoCs published by milo2012.

AI-analyzed exploit summary The repository contains functional exploit code for CVE-2024-36465, demonstrating SQL injection in Zabbix via the 'groupBy' parameter in the API. The PoC authenticates, injects SQL payloads, and extracts user credentials from the database.

Description

The endpoint /zabbix.php?action=export.valuemaps suffers from a Cross-Site Scripting vulnerability via the backurl parameter. This is caused by the reflection of user-supplied data without appropriate HTML escaping or output encoding. As a result, a JavaScript payload may be injected into the above endpoint causing it to be executed within the context of the victim's browser.

Exploits (1)

github WORKING POC
by milo2012 · pythonpoc
https://github.com/milo2012/CVE-PoCs/tree/main/assets/CVE-2024-45699.png

The repository contains functional exploit code for CVE-2024-36465, demonstrating SQL injection in Zabbix via the 'groupBy' parameter in the API. The PoC authenticates, injects SQL payloads, and extracts user credentials from the database.

Classification
Working Poc 95%
Attack Type
Sqli
Complexity
Moderate
Reliability
Reliable
Target: Zabbix (version not explicitly specified, but likely 7.0.4 based on Dockerfile)
Auth required
Prerequisites: valid Zabbix credentials · network access to Zabbix API endpoint
devstral-2 · analyzed Feb 27, 2026 Full analysis →

References (2)

Core 2

Scores

CVSS v3 5.4
EPSS 0.0031
EPSS Percentile 22.3%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

CISA SSVC

Vulnrichment
Exploitation none
Automatable no
Technical Impact total

Details

CWE
CWE-79
Status published
Products (1)
zabbix/zabbix 6.0.0 - 6.0.37
Published Apr 02, 2025
Tracked Since Feb 18, 2026