{"id":"CVE-2024-22116","details":"An administrator with restricted permissions can exploit the script execution functionality within the Monitoring Hosts section. The lack of default escaping for script parameters enabled this user ability to execute arbitrary code via the Ping script, thereby compromising infrastructure.","modified":"2026-03-09T23:52:03.357533Z","published":"2024-08-12T13:38:15.863Z","references":[{"type":"WEB","url":"https://lists.debian.org/debian-lts-announce/2024/10/msg00000.html"},{"type":"ADVISORY","url":"https://support.zabbix.com/browse/ZBX-25016"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/zabbix/zabbix","events":[{"introduced":"0"},{"last_affected":"aef542ad8aef472874199012f9b2350db16dc7ee"},{"introduced":"0"},{"last_affected":"72e3519b849b54011cc7792669fbcc629eb502c9"},{"introduced":"0"},{"last_affected":"8880b5094a533ea929452b4aebf021914df01eb8"},{"introduced":"0"},{"last_affected":"6a0cc01bda00a30dba89b5ce4b32929393e0b523"},{"introduced":"0"},{"last_affected":"5da045b87956adeab639bf0b3d71f8c99a664233"},{"introduced":"0"},{"last_affected":"cf4c50ece539d86f04d88401045c703b5ae4cfe9"},{"introduced":"0"},{"last_affected":"721b0012b82edad4dd6617b0e2aa934611cc8cec"},{"introduced":"0"},{"last_affected":"78774f702f8d222235c6e5a8b27db9490386c2e9"},{"introduced":"0"},{"last_affected":"6c4616adff77b12e9e208c55257522f9a3cd8430"},{"introduced":"0"},{"last_affected":"9bc845eca94c33485e68b46e5884a9ff6beb31cc"},{"introduced":"0"},{"last_affected":"2ece7509fa634b1a5a2300fc743f595dcf783924"},{"introduced":"0"},{"last_affected":"11b4728fed8d43dcaea1fb061bc66903bc1a614c"},{"introduced":"0"},{"last_affected":"c3509cfd591f127fe28406d4a266e02f3e84a18b"},{"introduced":"0"},{"last_affected":"b6bea25de214bef475bcb907f27f68d4457d55b1"}],"database_specific":{"versions":[{"introduced":"0"},{"last_affected":"7.0.0-alpha1"},{"introduced":"0"},{"last_affected":"7.0.0-alpha2"},{"introduced":"0"},{"last_affected":"7.0.0-alpha3"},{"introduced":"0"},{"last_affected":"7.0.0-alpha4"},{"introduced":"0"},{"last_affected":"7.0.0-alpha5"},{"introduced":"0"},{"last_affected":"7.0.0-alpha6"},{"introduced":"0"},{"last_affected":"7.0.0-alpha7"},{"introduced":"0"},{"last_affected":"7.0.0-alpha8"},{"introduced":"0"},{"last_affected":"7.0.0-alpha9"},{"introduced":"0"},{"last_affected":"7.0.0-beta1"},{"introduced":"0"},{"last_affected":"7.0.0-beta2"},{"introduced":"0"},{"last_affected":"7.0.0-beta3"},{"introduced":"0"},{"last_affected":"7.0.0-rc1"},{"introduced":"0"},{"last_affected":"7.0.0-rc2"}]}}],"versions":["6.0.0","6.0.0alpha1","6.0.0alpha2","6.0.0alpha3","6.0.0alpha4","6.0.0alpha5","6.0.0alpha6","6.0.0alpha7","6.0.0beta1","6.0.0beta2","6.0.0beta3","6.0.0rc1","6.0.0rc2","7.0.0alpha1"],"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2024-22116.json","unresolved_ranges":[{"events":[{"introduced":"6.4.9"},{"last_affected":"6.4.15"}]}]}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H"}]}