9.6 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
CHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:N
0.001 Low
EPSS
Percentile
47.5%
ZoneMinder is a free, open source Closed-circuit television software
application for Linux which supports IP, USB and Analog cameras. Versions
prior to 1.36.33 and 1.37.33 are affected by a SQL Injection vulnerability.
The (blind) SQL Injection vulnerability is present within the
filter[Query][terms][0][attr]
query string parameter of the
/zm/index.php
endpoint. A user with the View or Edit permissions of
Events may execute arbitrary SQL. The resulting impact can include
unauthorized data access (and modification), authentication and/or
authorization bypass, and remote code execution.
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
ubuntu | 20.04 | noarch | zoneminder | < any | UNKNOWN |
ubuntu | 22.04 | noarch | zoneminder | < any | UNKNOWN |
ubuntu | 23.10 | noarch | zoneminder | < any | UNKNOWN |
ubuntu | 24.04 | noarch | zoneminder | < any | UNKNOWN |
ubuntu | 16.04 | noarch | zoneminder | < any | UNKNOWN |