zoneminder is vulnerable to SQL Injection attacks. An attacker could use a malicious JWT token to execute SQL queries, as the Username field of the JWT token was trusted. If the HASH key used by ZoneMinder was determined, the attacker could generate a malicious JWT token and use it to execute arbitrary SQL queries.
CPE | Name | Operator | Version |
---|---|---|---|
zoneminder:sid | eq | 1.34.21-1 | |
zoneminder:sid | eq | 1.36.7+dfsg1-1 | |
zoneminder:sid | eq | 1.34.21-1 | |
zoneminder:sid | eq | 1.36.7+dfsg1-1 |