alpinelinux | Alpine Linux Development Team | ALPINE:CVE-2023-41884
History: Aug 12, 2024 - 8:15 p.m.

CVE-2023-41884

2024-08-12 20:15:07
Alpine Linux Development Team
security.alpinelinux.org
1
zoneminder
sql injection
vulnerability

CVSS3: 7.1
Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: LOW
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: LOW
Availability Impact: NONE
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N

AI Score: 7.1
Confidence: Low

EPSS: 0.001
Percentile: 28.4%

ZoneMinder is a free, open source closed-circuit television software application. In WWW/AJAX/watch.php, line 51 takes a few parameters in a SQL query without sanitizing them, which makes it vulnerable to SQL injection. This vulnerability is fixed in 1.36.34.

OS      Version         Architecture  Package     Version        Filename
Alpine  edge-community  noarch        zoneminder  = 1.36.33-r6   UNKNOWN
Alpine  3.20-community  noarch        zoneminder  = 1.36.33-r5   UNKNOWN
