Lucene search
Veracode Vulnerability DatabaseVERACODE:39633HistoryMar 10, 2023 - 4:24 p.m.
SQL Injection
2023-03-1016:24:06
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
5
zoneminder
sql injection
jwt
hash key
zoneminder is vulnerable to SQL Injection attacks. An attacker could use a malicious JWT token to execute SQL queries, as the Username field of the JWT token was trusted. If the HASH key used by ZoneMinder was determined, the attacker could generate a malicious JWT token and use it to execute arbitrary SQL queries.
| CPE | Name | Operator | Version |
|---|---|---|---|
| zoneminder:sid | eq | 1.34.21-1 | |
| zoneminder:sid | eq | 1.36.7+dfsg1-1 | |
| zoneminder:sid | eq | 1.34.21-1 | |
| zoneminder:sid | eq | 1.36.7+dfsg1-1 |
Related
ubuntucve
ubuntucve
CVE-2023-26032
2023-02-25 00:00:00
osv
osv
CVE-2023-26032
2023-02-25 01:15:56
debiancve
debiancve
CVE-2023-26032
2023-02-25 01:15:56
prion
prion
Sql injection
2023-02-25 01:15:00
cve
cve
CVE-2023-26032
2023-02-25 01:15:56
cvelist
cvelist
nvd
nvd
CVE-2023-26032
2023-02-25 01:15:56
openvas
openvas
ZoneMinder < 1.36.33, 1.37.x < 1.37.33 Multiple Vulnerabilities
2023-02-27 00:00:00
wallarmlab
wallarmlab