7 matches found
CVE-2024-45179
The CVE affects za-internet C-MOR Video Surveillance versions 5.2401–6.00PL01. Root cause: insufficient input validation in the web interface enables OS command injection via HTTP POST data. Notable vulnerable components include generatesslreq.pml (allows low-privileged authenticated users to run...
CVE-2024-45171
An issue was discovered in za-internet C-MOR Video Surveillance 5.2401. Due to improper user input validation, it is possible to upload dangerous files, for instance PHP code, to the C-MOR system. By analyzing the C-MOR web interface, it was found out that the upload functionality for backup file...
CVE-2024-45178
An issue was discovered in za-internet C-MOR Video Surveillance 5.2401. Due to improper user input validation, it is possible to download arbitrary files from the C-MOR system via a path traversal attack. It was found out that different functionalities are vulnerable to path traversal attacks, du...
CVE-2024-45176
An issue was discovered in za-internet C-MOR Video Surveillance 5.2401. Due to improper input validation, the C-MOR web interface is vulnerable to reflected cross-site scripting XSS attacks. It was found out that different functions are prone to reflected cross-site scripting attacks due to...
CVE-2024-45170
An issue was discovered in za-internet C-MOR Video Surveillance 5.2401. Due to improper or missing access control, low privileged users can use administrative functions of the C-MOR web interface. It was found out that different functions are only available to administrative users. However, acces...
CVE-2024-45177
za-internet C-MOR Video Surveillance versions 5.2401–6.00PL01 are vulnerable to persistent cross-site scripting via the web interface due to inadequate input validation. The PT Security advisory notes this can allow remote script injection. Remediation: apply the patch for 5.2401 and 6.00PL01; up...
CVE-2024-45172
An issue was discovered in za-internet C-MOR Video Surveillance 5.2401 and 6.00PL01. Due to missing protection mechanisms, the C-MOR web interface is vulnerable to cross-site request forgery CSRF attacks. The C-MOR web interface offers no protection against cross-site request forgery CSRF attacks...