Description: Zabbix is an enterprise-class open source monitoring solution that provides distributed system and network monitoring through a web interface. The addRelatedObjects function in the CUser class of Zabbix's front end does not adequately validate and escape input data, allowing a malicious user with API access to pass crafted input through the user.get API and trigger a SQL injection attack. The vulnerability can then be exploited to escalate privileges or access sensitive data. The affected versions are Zabbix 6.0.0-6.0.31, Zabbix 6.4.0-6.4.16, and Zabbix 7.0.0.
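
The affected ranges listed above, applied to a version inventory for triage. This is an added example, not part of the original advisory or of Zabbix's code. The hostnames and versions are constructed, and sending pre-release or unparseable version strings to manual review is an assumption, since the advisory does not say how they are covered.

```python
import re

# Affected ranges exactly as listed in the description (inclusive bounds).
AFFECTED = [
    ((6, 0, 0), (6, 0, 31)),
    ((6, 4, 0), (6, 4, 16)),
    ((7, 0, 0), (7, 0, 0)),
]

# major.minor.patch with an optional alphabetic suffix such as "rc1".
_VERSION_RE = re.compile(r"^\s*v?(\d+)\.(\d+)\.(\d+)([A-Za-z][\w.-]*)?\s*$")


def classify(version):
    """Return 'affected', 'not-listed' or 'review' for a version string."""
    m = _VERSION_RE.match(version or "")
    if not m:
        return "review"  # unparseable: someone has to check the host
    if m.group(4):
        # Assumption: suffixed builds are not named in the description,
        # so they are never reported as clean.
        return "review"
    triple = tuple(int(x) for x in m.group(1, 2, 3))
    hit = any(lo <= triple <= hi for lo, hi in AFFECTED)
    # 'not-listed' means outside the listed ranges, not "known fixed".
    return "affected" if hit else "not-listed"


def triage(inventory):
    """Return (host, version, status) rows, affected hosts first."""
    order = {"affected": 0, "review": 1, "not-listed": 2}
    rows = [(h, v, classify(v)) for h, v in inventory.items()]
    return sorted(rows, key=lambda r: (order[r[2]], r[0]))


# Constructed sample inventory (hostnames and versions are made up).
SAMPLE = {
    "zbx-prod-01": "6.0.31",
    "zbx-prod-02": "6.0.32",
    "zbx-lab-01": "6.4.16",
    "zbx-lab-02": "7.0.0",
    "zbx-lab-03": "7.0.0rc1",
    "zbx-old-01": "5.0.42",
    "zbx-dr-01": "unknown",
}

if __name__ == "__main__":
    for host, ver, status in triage(SAMPLE):
        print(f"{status:<11} {host:<12} {ver}")
```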