ZoneMinder SQL注入漏洞

ZoneMinder is an open-source video monitoring software system developed by ZoneMinder. This system supports IP, USB, and analog cameras. Versions of ZoneMinder prior to 1.36.37, as well as versions 1.37.61 to 1.38.0, have a SQL injection vulnerability. This vulnerability stems from the...

CVE-2025-65791

ZoneMinder v1.36.34 is vulnerable to Command Injection in web/views/image.php. The application passes unsanitized user input directly to the exec function. NOTE: this is disputed by the Supplier because there is no unsanitized user input to web/views/image.php...

Linux Distros Unpatched Vulnerability : CVE-2025-65791

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - ZoneMinder v1.36.34 is vulnerable to Command Injection in web/views/image.php. The application passes unsanitized user input directly to the exec function. NOTE...

CVE-2025-65791

ZoneMinder v1.36.34 is vulnerable to Command Injection in web/views/image.php. The application passes unsanitized user input directly to the exec function. NOTE: this is disputed by the Supplier because there is no unsanitized user input to web/views/image.php...

UBUNTU-CVE-2025-65791

ZoneMinder v1.36.34 is vulnerable to Command Injection in web/views/image.php. The application passes unsanitized user input directly to the exec function. NOTE: this is disputed by the Supplier because there is no unsanitized user input to web/views/image.php...

CVE-2025-65791

ZoneMinder v1.36.34 is vulnerable to Command Injection in web/views/image.php. The application passes unsanitized user input directly to the exec function...

CVE-2025-65791

ZoneMinder v1.36.34 is vulnerable to Command Injection in web/views/image.php. The application passes unsanitized user input directly to the exec function. NOTE: this is disputed by the Supplier because there is no unsanitized user input to web/views/image.php...

CVE-2025-65791

ZoneMinder v1.36.34 is vulnerable to Command Injection in web/views/image.php. The application passes unsanitized user input directly to the exec function. NOTE: this is disputed by the Supplier because there is no unsanitized user input to web/views/image.php...

ZoneMinder 安全漏洞

ZoneMinder is an open-source video monitoring software system developed by ZoneMinder. This system supports IP, USB, and analog cameras. Version 1.36.34 of ZoneMinder contains a security vulnerability. This vulnerability stems from user input that is passed directly into the exec function in...

CVE-2025-65791

ZoneMinder v1.36.34 is vulnerable to Command Injection in web/views/image.php. The application passes unsanitized user input directly to the exec function. NOTE: this is disputed by the Supplier because there is no unsanitized user input to web/views/image.php...

Exploit for CVE-2025-65791

CVE-2025-65791 — Command Injection in ZoneMinder Overview...

CVE-2018-1000832

ZoneMinder version = 1.32.2 contains a Other/Unknown vulnerability in User-controlled parameter that can result in Disclosure of confidential data, denial of service, SSRF, remote code execution...

CVE-2018-1000833

ZoneMinder version = 1.32.2 contains a Other/Unknown vulnerability in User-controlled parameter that can result in Disclosure of confidential data, denial of service, SSRF, remote code execution...

CVE-2023-25825

ZoneMinder is a free, open source Closed-circuit television software application for Linux which supports IP, USB and Analog cameras. Versions prior to 1.36.33 are vulnerable to Cross-site Scripting. Log entries can be injected into the database logs, containing a malicious referrer field. This i...

CVE-2019-7350

Session fixation exists in ZoneMinder through 1.32.3, as an attacker can fixate his own session cookies to the next logged-in user, thereby hijacking the victim's account. This occurs because a set of multiple cookies between 3 and 5 is being generated when a user successfully logs in, and these...

CVE-2019-7341

Reflected - Cross Site Scripting XSS exists in ZoneMinder through 1.32.3, allowing an attacker to execute HTML or JavaScript code via a vulnerable 'newMonitorLinkedMonitors' parameter value in the view monitor monitor.php because proper filtration is omitted...

CVE-2019-7349

Reflected Cross Site Scripting XSS exists in ZoneMinder through 1.32.3, allowing an attacker to execute HTML or JavaScript code via a vulnerable 'newMonitorV4LCapturesPerFrame' parameter value in the view monitor monitor.php because proper filtration is omitted...

CVE-2019-7352

Self - Stored Cross Site Scripting XSS exists in ZoneMinder through 1.32.3, as the view 'state' aka Run State state.php does no input validation to the value supplied to the 'New State' aka newState field, allowing an attacker to execute HTML or JavaScript code...

CVE-2019-7334

Reflected Cross Site Scripting XSS exists in ZoneMinder through 1.32.3, allowing an attacker to execute HTML or JavaScript code via a vulnerable 'Exportfile' parameter value in the view export export.php because proper filtration is omitted...

CVE-2019-7343

Reflected - Cross Site Scripting XSS exists in ZoneMinder through 1.32.3, allowing an attacker to execute HTML or JavaScript code via a vulnerable 'newMonitorMethod' parameter value in the view monitor monitor.php because proper filtration is omitted...