zoneminder is vulnerable to SQL Injection attacks. The SQL Injection vulnerability is present in the filter[Query][terms][0][attr] query string parameter of the /zm/index.php endpoint, allowing unauthorized data access, authentication bypass, and remote code execution.
CPE | Name | Operator | Version |
---|---|---|---|
zoneminder:sid | eq | 1.34.21-1 | |
zoneminder:sid | eq | 1.36.7+dfsg1-1 | |
zoneminder:sid | eq | 1.34.21-1 | |
zoneminder:sid | eq | 1.36.7+dfsg1-1 |