CVE-2024-36465 Information

Description

A low privilege (regular) Zabbix user with API access can use SQL injection vulnerability in include/classes/api/CApiService.php to execute arbitrary SQL commands via the groupBy parameter.

Reference

https://support.zabbix.com/browse/ZBX-26257