Lucene search

[email protected]NVD:CVE-2024-43360

HistoryAug 12, 2024 - 9:15 p.m.

CVE-2024-43360

2024-08-1221:15:33

CWE-89

[email protected]

web.nvd.nist.gov

zoneminder

cctv software

sql injection

vulnerability

fixed

version 1.36.34

version 1.37.61

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS

0.001

Percentile

30.7%

JSON

ZoneMinder is a free, open source closed-circuit television software application. ZoneMinder is affected by a time-based SQL Injection vulnerability. This vulnerability is fixed in 1.36.34 and 1.37.61.

Affected configurations

Nvd

Node

zoneminderzoneminderRange<1.36.34

zoneminderzoneminderRange1.37.00–1.37.61

VendorProductVersionCPE
zoneminderzoneminder*cpe:2.3:a:zoneminder:zoneminder:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
zoneminder	zoneminder	*	cpe:2.3:a:zoneminder:zoneminder::::::::

References

github.com/ZoneMinder/zoneminder/commit/677f6a31551f128554f7b0110a52fd76453a657a

github.com/ZoneMinder/zoneminder/commit/a194fe81d34c5eea2ab1dc18dc8df615fca634a6

github.com/ZoneMinder/zoneminder/commit/bb07118118e23b5670c2c18be8be2cc6b8529397

github.com/ZoneMinder/zoneminder/commit/de8f387207e9c506e8e8007eda725741a25601c5

github.com/ZoneMinder/zoneminder/security/advisories/GHSA-9cmr-7437-v9fj

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS

0.001

Percentile

30.7%

JSON

Related for NVD:CVE-2024-43360

ubuntucve1 vulnrichment1 debiancve1 cve1 cvelist1 osv1 alpinelinux1 openvas1