Fluid Attacks Database

Description

A low privilege Zabbix user with API access can exploit a blind SQL injection vulnerability in include/classes/api/CApiService.php to execute arbitrary SQL selects via the sortfield parameter. Although query results are not returned directly, an attacker can exfiltrate arbitrary database data through time-based techniques, potentially leading to session identifier disclosure and administrator account compromise.

Mitigation

Update Impact

Minimal update. May introduce new vulnerabilities or breaking changes.

Ecosystem	Package	Affected version	Patched versions
debian 14	zabbix	=1:7.0.10+dfsg-2 \|\| =1:7.0.22+dfsg-1~bpo13+1 \|\| =1:7.0.22+dfsg-1~deb13u1 \|\| >=0 <1:7.0.22+dfsg-1	1:7.0.22+dfsg-1
debian 11	zabbix	=1:5.0.14+dfsg-1 \|\| =1:5.0.14+dfsg-1~bpo11+1 \|\| =1:5.0.17+dfsg-1 \|\| =1:5.0.17+dfsg-1~bpo11+1 \|\| =1:5.0.44+dfsg-1+deb11u1 \|\| =1:5.0.45+dfsg-1+deb11u1 \|\| =1:5.0.46+dfsg-1+deb11u1 \|\| =1:5.0.47+dfsg-0+deb11u1 \|\| =1:5.0.8+dfsg-1 \|\| =1:6.0.10+dfsg-1 \|\| =1:6.0.13+dfsg-1 \|\| =1:6.0.14+dfsg-1 \|\| =1:6.0.14+dfsg-1~bpo11+1 \|\| =1:6.0.23+dfsg-1 \|\| =1:6.0.23+dfsg-1~bpo12+1 \|\| =1:6.0.24+dfsg-1 \|\| =1:6.0.25+dfsg-1 \|\| =1:6.0.29+dfsg-1 \|\| =1:6.0.3+dfsg-1 \|\| =1:6.0.6+dfsg-1 \|\| =1:6.0.7+dfsg-1 \|\| =1:6.0.7+dfsg-2 \|\| =1:6.0.7+dfsg-2~bpo11+1 \|\| =1:6.0.7+dfsg-3 \|\| =1:6.0.8+dfsg-1 \|\| =1:6.0.9+dfsg-1 \|\| =1:6.0.9+dfsg-1.1 \|\| =1:7.0.0+dfsg-1 \|\| =1:7.0.0+dfsg-2 \|\| =1:7.0.0+dfsg-2~bpo12+1 \|\| =1:7.0.1+dfsg-1 \|\| =1:7.0.1+dfsg-1~bpo12+1 \|\| =1:7.0.10+dfsg-1 \|\| =1:7.0.10+dfsg-2 \|\| =1:7.0.2+dfsg-1 \|\| =1:7.0.2+dfsg-1~bpo12+1 \|\| =1:7.0.22+dfsg-1 \|\| =1:7.0.22+dfsg-1~bpo13+1 \|\| =1:7.0.22+dfsg-1~deb13u1 \|\| =1:7.0.3+dfsg-1 \|\| =1:7.0.5+dfsg-1 \|\| =1:7.0.5+dfsg-1~bpo12+1 \|\| =1:7.0.6+dfsg-1 \|\| =1:7.0.9+dfsg-1 \|\| =1:7.0.9+dfsg-1~bpo12+1	-
debian 12	zabbix	=1:6.0.14+dfsg-1 \|\| =1:6.0.23+dfsg-1 \|\| =1:6.0.23+dfsg-1~bpo12+1 \|\| =1:6.0.24+dfsg-1 \|\| =1:6.0.25+dfsg-1 \|\| =1:6.0.29+dfsg-1 \|\| =1:7.0.0+dfsg-1 \|\| =1:7.0.0+dfsg-2 \|\| =1:7.0.0+dfsg-2~bpo12+1 \|\| =1:7.0.1+dfsg-1 \|\| =1:7.0.1+dfsg-1~bpo12+1 \|\| =1:7.0.10+dfsg-1 \|\| =1:7.0.10+dfsg-2 \|\| =1:7.0.2+dfsg-1 \|\| =1:7.0.2+dfsg-1~bpo12+1 \|\| =1:7.0.22+dfsg-1 \|\| =1:7.0.22+dfsg-1~bpo13+1 \|\| =1:7.0.22+dfsg-1~deb13u1 \|\| =1:7.0.3+dfsg-1 \|\| =1:7.0.5+dfsg-1 \|\| =1:7.0.5+dfsg-1~bpo12+1 \|\| =1:7.0.6+dfsg-1 \|\| =1:7.0.9+dfsg-1 \|\| =1:7.0.9+dfsg-1~bpo12+1	-
debian 13	zabbix	=1:7.0.10+dfsg-2 \|\| =1:7.0.22+dfsg-1~bpo13+1 \|\| >=0 <1:7.0.22+dfsg-1~deb13u1	1:7.0.22+dfsg-1~deb13u1

Aliases

1. CVE-2026-239212. NVD-2026-239213. OSV-DEBIAN-2026-239214. OSV-2026-239215. SECURITY-TRACKER-CVE-2026-23921

Does your application use this vulnerable software?

During the free trial, our tools assess your application, identify vulnerabilities, and provide recommendations for their remediation.