{"vulnerability": "CVE-2024-22120", "sightings": [{"uuid": "34f80189-686d-4bf4-88ff-d0d2a24feceb", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-22120", "type": "seen", "source": "https://bsky.app/profile/beikokucyber.bsky.social/post/3llf73zmhow2u", "content": "", "creation_timestamp": "2025-03-27T21:02:05.264535Z"}, {"uuid": "7f1b151c-4e0e-400b-8cb8-d587fe305629", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-22120", "type": "seen", "source": "https://infosec.exchange/users/DarkWebInformer/statuses/114864316703655927", "content": "", "creation_timestamp": "2025-07-16T18:26:20.737663Z"}, {"uuid": "93b8c1f7-364d-453f-8e2c-d37b549036aa", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-22120", "type": "published-proof-of-concept", "source": "https://t.me/GithubRedTeam/8318", "content": "GitHub\u76d1\u63a7\u6d88\u606f\u63d0\u9192\uff01\uff01\uff01 \n\n\u66f4\u65b0\u4e86\uff1aCVE-2024\n\u63cf\u8ff0\uff1aReproducing the following CVEs with dockerfile:CVE-2024-33644 CVE-2024-34370 CVE-2024-22120\nURL\uff1ahttps://github.com/Akshath-Nagulapally/ReproducingCVEs_Akshath_Nagulapally\n\n\u6807\u7b7e\uff1a#CVE-2024", "creation_timestamp": "2024-08-20T21:31:55.000000Z"}, {"uuid": "4c32a81b-7fe9-4017-8144-a805a7f5e77c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-22120", "type": "published-proof-of-concept", "source": "https://t.me/GithubRedTeam/8225", "content": "GitHub\u76d1\u63a7\u6d88\u606f\u63d0\u9192\uff01\uff01\uff01 \n\n\u66f4\u65b0\u4e86\uff1aCVE-2024\n\u63cf\u8ff0\uff1aThis is my exploit for CVE-2024-22120, which involves an SSRF vulnerability inside an XXE with a Gopher payload.\nURL\uff1ahttps://github.com/g4nkd/CVE-2024-22120-RCE-with-gopher\n\n\u6807\u7b7e\uff1a#CVE-2024", "creation_timestamp": "2024-08-09T21:23:44.000000Z"}, {"uuid": "e312f168-6d8d-41d5-a804-dff52a7dc4cf", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-22120", "type": "published-proof-of-concept", "source": "https://t.me/cybersecplayground/240", "content": "\ud83d\udea8 Alert: CVE-2024-22120 \u2013 Zabbix SQLi \u2192 RCE Attack Chain\nCVSS Score: 9.1 (Critical)\nAffects: \ud83d\udda5 Popular monitoring system Zabbix\n\n\ud83d\udd25 PoC & Exploits:\n\ud83e\uddea Official Bug Tracker: ZBX-24505\n\ud83d\udca5 Exploit Script: GitHub \u2013 CVE-2024-22120-RCE\n\n\u26a0\ufe0f What\u2019s the Risk?\nThis is a time-based SQL injection vulnerability that could:\n\u2022 Leak sensitive DB info\n\u2022 Escalate privileges\n\u2022 Lead to full Remote Code Execution (RCE) on Zabbix servers\n\n\ud83d\udef0 Track Vulnerable Targets:\nHunter is currently under maintenance \ud83d\udee0, so use these dorks instead:\n\n\ud83d\udd0e  FOFA:\napp=\"ZABBIX-Monitoring\"\n \n\ud83d\udd0e  Shodan:\nhttp.component:\"Zabbix\"\n\n\ud83d\udd0e  Hunter (when online):\nproduct.name=\"Zabbix\"\n\n\ud83d\udcf0 More Details:\nSecurityOnline Advisory\n\n\ud83c\udfaf Impact:\nZabbix is widely used in enterprises for infrastructure monitoring. An RCE here = access to entire internal networks, critical alerts, server health, and more.\n\n\ud83d\udce2 Patch or mitigate immediately!\n\nFollow @cybersecplayground for daily vulnerability alerts, PoCs, recon tips & red team tactics.\n\ud83d\udcac Like + \ud83d\udd01 Share to warn your team or community!\n\n#Zabbix #RCE #CVE2024 #infosec #bugbounty #cybersecplayground #vulnerability #sqlinjection #redteam", "creation_timestamp": "2025-06-30T09:09:25.000000Z"}, {"uuid": "911db98f-62df-4cfb-b2ad-1434ee7745e6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-22120", "type": "published-proof-of-concept", "source": "https://t.me/GithubRedTeam/7346", "content": "GitHub\u76d1\u63a7\u6d88\u606f\u63d0\u9192\uff01\uff01\uff01 \n\n\u66f4\u65b0\u4e86\uff1aRCE\n\u63cf\u8ff0\uff1aTime Based SQL Injection in Zabbix Server Audit Log --> RCE\nURL\uff1ahttps://github.com/W01fh4cker/CVE-2024-22120-RCE\n\n\u6807\u7b7e\uff1a#RCE", "creation_timestamp": "2024-05-20T03:46:22.000000Z"}, {"uuid": "46ea1d97-df11-43ac-ae02-6717ce176e3e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-22120", "type": "published-proof-of-concept", "source": "https://t.me/Hunt3rkill3rs1/234", "content": "CVE-2024-22120 Zabbix Server \n*\nTime Based SQL Injection", "creation_timestamp": "2024-05-18T14:23:39.000000Z"}, {"uuid": "052d6ef8-95cd-4fcc-a414-39b11eab7b0f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-22120", "type": "published-proof-of-concept", "source": "Telegram/NfzkBQhet1yGC8sBwvKJoq4qxmh_K1vN_5vVwW7xcxrXW-s", "content": "", "creation_timestamp": "2025-06-30T09:10:03.000000Z"}, {"uuid": "7190f494-aa24-48e8-857d-eab397783498", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-22120", "type": "published-proof-of-concept", "source": "https://t.me/HackingInsights/644", "content": "\u200aCVE-2024-22120 (CVSS 9.1): Zabbix SQLi Vulnerability Exposes IT Infrastructure to Attack\n\nhttps://securityonline.info/cve-2024-22120-cvss-9-1-zabbix-sqli-vulnerability-exposes-it-infrastructure-to-attack/", "creation_timestamp": "2024-05-18T12:43:32.000000Z"}, {"uuid": "a00d9b0b-df3c-45d2-be21-eb78c72587d7", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-22120", "type": "published-proof-of-concept", "source": "https://t.me/paiddpam/3120", "content": "CVE-2024-22120 Zabbix Server \n\nTime Based SQL Injection\n\nhttps://support.zabbix.com/browse/ZBX-24505\n\nhttps://support.zabbix.com/secure/attachment/236280/236280_zabbix_server_time_based_blind_sqli.py", "creation_timestamp": "2024-06-22T07:34:56.000000Z"}, {"uuid": "b6c94e9b-a6b3-4fb5-b3f6-ac9a9e1f350f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-22120", "type": "published-proof-of-concept", "source": "https://t.me/tengkorakcybercrewz/9088", "content": "#CVE-2024-22120: Time Based SQL Injection in #Zabbix Server Audit Log", "creation_timestamp": "2024-05-29T08:25:32.000000Z"}, {"uuid": "43e377cb-2aa7-4cf0-a4fe-9b17006b6b2f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-22120", "type": "published-proof-of-concept", "source": "https://t.me/tengkorakcybercrew/9192", "content": "#CVE-2024-22120: Time Based SQL Injection in #Zabbix Server Audit Log", "creation_timestamp": "2024-05-29T08:26:48.000000Z"}, {"uuid": "307e2731-e20c-4087-ad56-93aa89495c93", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-22120", "type": "published-proof-of-concept", "source": "Telegram/9VKq_JaAKSvNyAVIQOaTsQA25aea2580MUhRGlZTPJrJ2T0", "content": "", "creation_timestamp": "2024-05-27T10:46:40.000000Z"}, {"uuid": "3bbe297c-115c-4849-bee8-10b2913bd350", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-22120", "type": "published-proof-of-concept", "source": "Telegram/3HoIvZ4oualLP_ut8pwT5vGdzbZuopHKK9wO2GniHsVVZs4", "content": "", "creation_timestamp": "2024-06-22T06:56:51.000000Z"}, {"uuid": "3c718fd0-5ee2-4c51-bc32-3be61368167f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-22120", "type": "published-proof-of-concept", "source": "https://t.me/proxy_bar/2086", "content": "CVE-2024-22120 Zabbix Server \n*\nTime Based SQL Injection\n*\n\u0422\u0435\u0445 \u0434\u0435\u0442\u0430\u043b\u0438\n*\nexploit\n\n#zabbix", "creation_timestamp": "2024-05-18T07:51:40.000000Z"}, {"uuid": "75221264-9e19-4ab0-b932-9021ddb716d0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-22120", "type": "published-proof-of-concept", "source": "Telegram/NSN_U1WOG1rgyATnifpqOEf34SMf8hvrtnh9_RO9NB5MrLzv", "content": "", "creation_timestamp": "2024-05-21T22:04:16.000000Z"}, {"uuid": "0a760575-679a-42b3-97bc-574f3cb4510c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-22120", "type": "published-proof-of-concept", "source": "https://t.me/tengkorakcybercrewz/1737", "content": "#CVE-2024-22120: Time Based SQL Injection in #Zabbix Server Audit Log", "creation_timestamp": "2024-05-29T08:25:32.000000Z"}, {"uuid": "6a7e8b23-c0cb-4091-86a0-000f9bc06f63", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-22120", "type": "seen", "source": "Telegram/3su5uDz14M7INJHZLgm2L2kxPQxiccAFuWTjdZAgGnOnqwk", "content": "", "creation_timestamp": "2024-05-20T09:56:05.000000Z"}, {"uuid": "0ac67dba-2665-4f61-b6e4-eb926742abe0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-22120", "type": "published-proof-of-concept", "source": "Telegram/H8WATj5tERibB9N2ZZ17mu4oa5qTyLkrjFd3d65eW_1lU34", "content": "", "creation_timestamp": "2024-05-20T09:50:25.000000Z"}, {"uuid": "7a8fcd8e-6af0-42f3-9737-2600d748a29c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-22120", "type": "seen", "source": "Telegram/QOCAQVHksyQqDrHjkYshikk46lawFuEFcaS9TVMMbBGBipo", "content": "", "creation_timestamp": "2024-05-20T09:47:13.000000Z"}, {"uuid": "449247be-4582-454b-a637-2f8db6da1cd4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-22120", "type": "published-proof-of-concept", "source": "https://t.me/cybersecs/2842", "content": "https://www.zabbix.com/security_advisories\n\n[ Time Based SQL Injection in Zabbix Server Audit Log ]\n\nCVE-2024-22120\n\n\u26d4\ufe0f CRITICAL \u26d4\ufe0f\n\nThis vulnerability could lead to privilege escalation from user to admin. In some cases, SQL injection leads to RCE.\n\nAffected version/s:\n6.0.0-6.0.27\n6.4.0-6.4.12\n7.0.0alpha1-7.0.0beta1\n\nPoC: https://support.zabbix.com/secure/attachment/236280/236280_zabbix_server_time_based_blind_sqli.py", "creation_timestamp": "2024-05-21T15:56:08.000000Z"}, {"uuid": "0a538392-fb64-4984-a45f-4cec4e64e211", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-22120", "type": "published-proof-of-concept", "source": "https://t.me/MrVGunz/1136", "content": "CVE-2024-22120: \u062a\u0632\u0631\u06cc\u0642 SQL \u0645\u0628\u062a\u0646\u06cc \u0628\u0631 \u0632\u0645\u0627\u0646 \u062f\u0631 Zabbix Server Audit Log\n\n\u0646\u0633\u062e\u0647\u200c\u0647\u0627\u06cc \u0622\u0633\u06cc\u0628\u200c\u067e\u0630\u06cc\u0631 \u0648 \u0631\u0641\u0639 \u0634\u062f\u0647:\n- 6.0.0 - 6.0.27 / 6.0.28rc1\n- 6.4.0 - 6.4.12 / 6.4.13rc1\n- 7.0.0alpha1 - 7.0.0beta1 / 7.0.0beta2\n\n\u0627\u06cc\u0646 \u0622\u0633\u06cc\u0628\u200c\u067e\u0630\u06cc\u0631\u06cc \u0627\u0645\u06a9\u0627\u0646 \u0627\u0633\u062a\u062e\u0631\u0627\u062c \u0647\u0631 \u0645\u0642\u062f\u0627\u0631\u06cc \u0627\u0632 \u067e\u0627\u06cc\u06af\u0627\u0647 \u062f\u0627\u062f\u0647 \u0631\u0627 \u0641\u0631\u0627\u0647\u0645 \u0645\u06cc\u200c\u06a9\u0646\u062f. \u0628\u0647 \u0639\u0646\u0648\u0627\u0646 \u0645\u062b\u0627\u0644\u060c \u0627\u06a9\u0633\u067e\u0644\u0648\u06cc\u062a \u0628\u0627\u0644\u0627 \u0627\u0645\u06a9\u0627\u0646 \u0627\u0631\u062a\u0642\u0627\u0621 \u0633\u0637\u062d \u062f\u0633\u062a\u0631\u0633\u06cc \u0627\u0632 \u06a9\u0627\u0631\u0628\u0631 \u0628\u0647 \u0645\u062f\u06cc\u0631 \u0631\u0627 \u0641\u0631\u0627\u0647\u0645 \u0645\u06cc\u200c\u06a9\u0646\u062f. \u062f\u0631 \u0628\u0631\u062e\u06cc \u0645\u0648\u0627\u0631\u062f\u060c \u062a\u0632\u0631\u06cc\u0642 SQL \u0645\u0646\u062c\u0631 \u0628\u0647 RCE (\u0627\u062c\u0631\u0627\u06cc \u06a9\u062f \u0627\u0632 \u0631\u0627\u0647 \u062f\u0648\u0631) \u0645\u06cc\u200c\u0634\u0648\u062f.\n\nPoC: https://support.zabbix.com/secure/attachment/236280/236280_zabbix_server_time_based_blind_sqli.py\n\nCVE-2024-22120: Time Based SQL Injection in Zabbix Server Audit Log\n\nAffected and fixed version/s: \n* 6.0.0 - 6.0.27 / 6.0.28rc1\n* 6.4.0 - 6.4.12 / 6.4.13rc1\n* 7.0.0alpha1 - 7.0.0beta1 / 7.0.0beta2\n\nAllows to dump any values from database. As an example of exploit above allows privilege escalation from user to admin. In some cases, SQL injection leads to RCE.\n\nPoC: https://support.zabbix.com/secure/attachment/236280/236280_zabbix_server_time_based_blind_sqli.py", "creation_timestamp": "2024-05-22T12:35:57.000000Z"}, {"uuid": "7ba75906-3739-4d36-b221-d42ee66395c8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-22120", "type": "published-proof-of-concept", "source": "https://t.me/CyberSecurityTechnologies/10544", "content": "#exploit\n1. CVE-2024-4947:\nType Confusion in V8 (Chrome)\nhttps://buptsb.github.io/blog/post/CVE-2024-4947-%20v8%20incorrect%20AccessInfo%20for%20module%20namespace%20object%20causes%20Maglev%20type%20confusion.html\n\n2. CVE-2024-22120:\nTime Based SQL Injection/RCE in Zabbix Server Audit Log\nhttps://github.com/W01fh4cker/CVE-2024-22120-RCE", "creation_timestamp": "2024-05-22T14:16:26.000000Z"}]}