3 matches found
DEBIAN-CVE-2023-26036
ZoneMinder is a free, open source Closed-circuit television software application for Linux which supports IP, USB and Analog cameras. Versions prior to 1.36.33 and 1.37.33 contain a Local File Inclusion Untrusted Search Path vulnerability via /web/index.php. By controlling $view, any local file...
DEBIAN-CVE-2023-26034
ZoneMinder is a free, open source Closed-circuit television software application for Linux which supports IP, USB and Analog cameras. Versions prior to 1.36.33 and 1.37.33 are affected by a SQL Injection vulnerability. The blind SQL Injection vulnerability is present within the...
PT-2023-20435 · Unknown +2 · Zoneminder +2
Name of the Vulnerable Software and Affected Versions: ZoneMinder versions prior to 1.36.33 and 1.37.33 Description: The issue concerns SQL Injection via a malicious JSON web token. The Username field of the JWT token was trusted when performing an SQL query to load the user. If an attacker could...