Lucene search
Veracode Vulnerability DatabaseVERACODE:39632HistoryMar 10, 2023 - 4:24 p.m.
SQL Injection
2023-03-1016:24:04
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
6
sql injection
zoneminder
vulnerability
filter parameter
data access
authentication bypass
remote code execution
zoneminder is vulnerable to SQL Injection attacks. The SQL Injection vulnerability is present in the filter[Query][terms][0][attr] query string parameter of the /zm/index.php endpoint, allowing unauthorized data access, authentication bypass, and remote code execution.
| CPE | Name | Operator | Version |
|---|---|---|---|
| zoneminder:sid | eq | 1.34.21-1 | |
| zoneminder:sid | eq | 1.36.7+dfsg1-1 | |
| zoneminder:sid | eq | 1.34.21-1 | |
| zoneminder:sid | eq | 1.36.7+dfsg1-1 |
Related
prion
prion
Sql injection
2023-02-25 01:15:00
osv
osv
CVE-2023-26034
2023-02-25 01:15:56
debiancve
debiancve
CVE-2023-26034
2023-02-25 01:15:56
cvelist
cvelist
CVE-2023-26034 ZoneMinder SQL Injection
2023-02-25 00:58:47
ubuntucve
ubuntucve
CVE-2023-26034
2023-02-25 00:00:00
nvd
nvd
CVE-2023-26034
2023-02-25 01:15:56
cve
cve
CVE-2023-26034
2023-02-25 01:15:56
openvas
openvas
ZoneMinder < 1.36.33, 1.37.x < 1.37.33 Multiple Vulnerabilities
2023-02-27 00:00:00