{"uuid": "e312f168-6d8d-41d5-a804-dff52a7dc4cf", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-22120", "type": "published-proof-of-concept", "source": "https://t.me/cybersecplayground/240", "content": "\ud83d\udea8 Alert: CVE-2024-22120 \u2013 Zabbix SQLi \u2192 RCE Attack Chain\nCVSS Score: 9.1 (Critical)\nAffects: \ud83d\udda5 Popular monitoring system Zabbix\n\n\ud83d\udd25 PoC & Exploits:\n\ud83e\uddea Official Bug Tracker: ZBX-24505\n\ud83d\udca5 Exploit Script: GitHub \u2013 CVE-2024-22120-RCE\n\n\u26a0\ufe0f What\u2019s the Risk?\nThis is a time-based SQL injection vulnerability that could:\n\u2022 Leak sensitive DB info\n\u2022 Escalate privileges\n\u2022 Lead to full Remote Code Execution (RCE) on Zabbix servers\n\n\ud83d\udef0 Track Vulnerable Targets:\nHunter is currently under maintenance \ud83d\udee0, so use these dorks instead:\n\n\ud83d\udd0e  FOFA:\napp=\"ZABBIX-Monitoring\"\n \n\ud83d\udd0e  Shodan:\nhttp.component:\"Zabbix\"\n\n\ud83d\udd0e  Hunter (when online):\nproduct.name=\"Zabbix\"\n\n\ud83d\udcf0 More Details:\nSecurityOnline Advisory\n\n\ud83c\udfaf Impact:\nZabbix is widely used in enterprises for infrastructure monitoring. An RCE here = access to entire internal networks, critical alerts, server health, and more.\n\n\ud83d\udce2 Patch or mitigate immediately!\n\nFollow @cybersecplayground for daily vulnerability alerts, PoCs, recon tips & red team tactics.\n\ud83d\udcac Like + \ud83d\udd01 Share to warn your team or community!\n\n#Zabbix #RCE #CVE2024 #infosec #bugbounty #cybersecplayground #vulnerability #sqlinjection #redteam", "creation_timestamp": "2025-06-30T09:09:25.000000Z"}