{"vulnerability": "CVE-2021-27927", "sightings": [{"uuid": "148117d7-4c32-49cd-8dbd-6528b73a2471", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-27927", "type": "seen", "source": "https://t.me/cibsecurity/24412", "content": "\u203c CVE-2021-27927 \u203c\n\nIn Zabbix before 4.0.28rc1, 5.x before 5.0.8rc1, 5.1.x and 5.2.x before 5.2.4rc1, and 5.3.x and 5.4.x before 5.4.0alpha1, the CControllerAuthenticationUpdate controller lacks a CSRF protection mechanism. The code inside this controller calls diableSIDValidation inside the init() method.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-03-03T20:45:52.000000Z"}, {"uuid": "4e3aeaea-cd8f-4fe2-bee0-4ac462245d94", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-27927", "type": "published-proof-of-concept", "source": "https://t.me/CyberSecurityTechnologies/2883", "content": "#Threat_Research\n1. Reproducing the MS Exchange Proxylogon Exploit Chain\nhttps://www.praetorian.com/blog/reproducing-proxylogon-exploit\n2. On Exploiting CVE-2021-1648 (Splwow64 LPE)\nhttp://dronesec.pw/blog/2021/03/10/on-exploiting-cve-2021-1648\n3. CSRF to RCE Chain in Zabbix (PoC for CVE-2021-27927)\nhttps://www.horizon3.ai/disclosures/zabbix-csrf-to-rce", "creation_timestamp": "2021-03-11T11:01:04.000000Z"}]}