1264 matches found
SQL injection
ZoneMinder before 1.32.3 has SQL Injection via the ajax/status.php filter[Query][terms][0][cnj] parameter...
Command injection
daemonControl in includes/functions.php in ZoneMinder before 1.32.3 allows command injection via shell metacharacters...
Design/Logic Flaw
skins/classic/views/controlcap.php in ZoneMinder before 1.32.3 has XSS via the newControl array, as demonstrated by the newControlMinTiltRange parameter...
CVE-2019-8424
ZoneMinder before 1.32.3 has SQL Injection via the ajax/status.php sort parameter...
CVE-2019-8425
includes/database.php in ZoneMinder before 1.32.3 has XSS in the construction of SQL-ERR messages...
DEBIAN-CVE-2019-8428
ZoneMinder before 1.32.3 has SQL Injection via the skins/classic/views/control.php groupSql parameter, as demonstrated by a newGroupMonitorIds value...
CVE-2019-8423
ZoneMinder through 1.32.3 has SQL Injection via the skins/classic/views/events.php filter[Query][terms][0][cnj] parameter...
SQL injection
ZoneMinder before 1.32.3 has SQL Injection via the ajax/status.php sort parameter...
CVE-2019-8428
ZoneMinder before 1.32.3 has SQL Injection via the skins/classic/views/control.php groupSql parameter, as demonstrated by a newGroupMonitorIds value...
CVE-2019-8426
skins/classic/views/controlcap.php in ZoneMinder before 1.32.3 has XSS via the newControl array, as demonstrated by the newControlMinTiltRange parameter...
CVE-2019-8423
ZoneMinder through 1.32.3 has SQL Injection via the skins/classic/views/events.php filter[Query][terms][0][cnj] parameter...
CVE-2019-8427
daemonControl in includes/functions.php in ZoneMinder before 1.32.3 allows command injection via shell metacharacters...
UBUNTU-CVE-2019-8423
ZoneMinder through 1.32.3 has SQL Injection via the skins/classic/views/events.php filter[Query][terms][0][cnj] parameter...
UBUNTU-CVE-2019-8427
daemonControl in includes/functions.php in ZoneMinder before 1.32.3 allows command injection via shell metacharacters...
CVE-2019-8426
skins/classic/views/controlcap.php in ZoneMinder before 1.32.3 has XSS via the newControl array, as demonstrated by the newControlMinTiltRange parameter...
CVE-2019-8427
daemonControl in includes/functions.php in ZoneMinder before 1.32.3 allows command injection via shell metacharacters...
DEBIAN-CVE-2019-8429
ZoneMinder before 1.32.3 has SQL Injection via the ajax/status.php filter[Query][terms][0][cnj] parameter...
UBUNTU-CVE-2019-8425
includes/database.php in ZoneMinder before 1.32.3 has XSS in the construction of SQL-ERR messages...
CVE-2019-8428
ZoneMinder before 1.32.3 has SQL Injection via the skins/classic/views/control.php groupSql parameter, as demonstrated by a newGroupMonitorIds value...
CVE-2019-8429
Vulnerability summary (CVE-2019-8429): ZoneMinder pre-1.32.3 is affected by an SQL Injection in ajax/status.php via the filter[Query][terms][0][cnj] parameter. The issue, documented across multiple sources, allows database commands to be injected and is Severity-mapping indicates high risk (NVD CVS...