Lucene search
GoogleOSV:CVE-2017-5368HistoryFeb 06, 2017 - 5:59 p.m.
CVE-2017-5368
2017-02-0617:59:00
Google
osv.dev
13
ZoneMinder v1.30 and v1.29, an open-source CCTV server web application, is vulnerable to CSRF (Cross Site Request Forgery) which allows a remote attack to make changes to the web application as the current logged in victim. If the victim visits a malicious web page, the attacker can silently and automatically create a new admin user within the web application for remote persistence and further attacks. The URL is /zm/index.php and sample parameters could include action=user uid=0 newUser[Username]=attacker1 newUser[Password]=Password1234 conf_password=Password1234 newUser[System]=Edit (among others).
Related
ubuntucve
ubuntucve
CVE-2017-5368
2017-02-06 00:00:00
cvelist
cvelist
CVE-2017-5368
2017-02-06 17:00:00
prion
prion
Cross site request forgery (csrf)
2017-02-06 17:59:00
debiancve
debiancve
CVE-2017-5368
2017-02-06 17:59:00
nvd
nvd
CVE-2017-5368
2017-02-06 17:59:00
cve
cve
CVE-2017-5368
2017-02-06 17:59:00
alpinelinux
alpinelinux
CVE-2017-5368
2017-02-06 17:59:00
openvas
openvas
ZoneMinder Multiple Vulnerabilities
2017-02-06 00:00:00
Mageia: Security Advisory (MGASA-2017-0162)
2022-01-28 00:00:00
zdt
zdt
ZoneMinder - Multiple Vulnerabilities
2017-02-05 00:00:00
packetstorm
packetstorm
ZoneMinder XSS / CSRF / File Disclosure / Authentication Bypass
2017-02-06 00:00:00
mageia
mageia
Updated zoneminder packages fix security vulnerability
2017-06-10 02:05:58