Lucene search
K

CVE-2026-27470

🗓️ 21 Feb 2026 08:05:01Reported by GitHub_MType 
cve
 cve
🔗 web.nvd.nist.gov👁 74 Views🌐 WEB

Second-order SQL injection in ZoneMinder getNearEvents via stored event name and cause; edit view authenticated users can exploit.

Related
Detection
Affected
Refs
Paths
ReporterTitlePublishedViews
Family
GithubExploit
Exploit for CVE-2026-27470
21 Feb 202617:05
githubexploit
ATTACKERKB
CVE-2026-27470
21 Feb 202608:05
attackerkb
AlpineLinux
CVE-2026-27470
21 Feb 202608:05
alpinelinux
Circl
CVE-2026-27470
21 Feb 202608:17
circl
CNNVD
ZoneMinder SQL注入漏洞
21 Feb 202600:00
cnnvd
Cvelist
CVE-2026-27470 ZoneMinder: Second-Order SQL Injection in `getNearEvents()` via Stored Event Name and Cause Fields
21 Feb 202608:05
cvelist
Debian CVE
CVE-2026-27470
21 Feb 202608:05
debiancve
NVD
CVE-2026-27470
21 Feb 202608:16
nvd
OSV
CVE-2026-27470 ZoneMinder: Second-Order SQL Injection in `getNearEvents()` via Stored Event Name and Cause Fields
21 Feb 202608:05
osv
OSV
DEBIAN-CVE-2026-27470
21 Feb 202608:16
osv
Rows per page
NVD
Vulners
Node
OR
zoneminderzoneminderRange1.37.611.38.1
[
  {
    "vendor": "ZoneMinder",
    "product": "zoneminder",
    "versions": [
      {
        "version": "< 1.36.38",
        "status": "affected"
      },
      {
        "version": ">= 1.37.61, < 1.38.1",
        "status": "affected"
      }
    ]
  }
]
ParameterPositionPathDescriptionCWE
sort_fieldquery paramindex.php?entity=nearevents&id=1&sort_field=Name&sort_asc=1Second-order SQL injection via getNearEvents() where stored value from Events.Name is concatenated into a SQL query without escaping.CWE-89
sort_ascquery paramindex.php?entity=nearevents&id=1&sort_field=Name&sort_asc=1Second-order SQL injection via getNearEvents() where stored value from Events.Name is concatenated into a SQL query without escaping.CWE-89
idquery paramindex.php?entity=nearevents&id=1&sort_field=Name&sort_asc=1Second-order SQL injection via getNearEvents() where stored value from Events.Name is concatenated into a SQL query without escaping.CWE-89
entityquery paramindex.php?entity=nearevents&id=1&sort_field=Name&sort_asc=1Second-order SQL injection via getNearEvents() where stored value from Events.Name is concatenated into a SQL query without escaping.CWE-89
requestrequest bodyindex.phpPhase 1 unsafe write: attacker renames an event with a payload stored in the database; Phase 2 reads it back and concatenates into a vulnerable SQL query in getNearEvents().CWE-89
actionrequest bodyindex.phpPhase 1 unsafe write: attacker renames an event with a payload stored in the database; Phase 2 reads it back and concatenates into a vulnerable SQL query in getNearEvents().CWE-89
idrequest bodyindex.phpPhase 1 unsafe write: attacker renames an event with a payload stored in the database; Phase 2 reads it back and concatenates into a vulnerable SQL query in getNearEvents().CWE-89
eventNamerequest bodyindex.phpPhase 1 unsafe write: attacker renames an event with a payload stored in the database; Phase 2 reads it back and concatenates into a vulnerable SQL query in getNearEvents().CWE-89

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation

17 Jun 2026 10:27Current
6.4Medium risk
Vulners AI Score6.4
CVSS 3.18.8
EPSS0.0048
SSVC
74