Note:
This project will be discontinued after December 13, 2021. [more]
2019-02-17
ZoneMinder through 1.32.3 has SQL Injection via the skins/classic/views/events.php filter[Query][terms][0][cnj] parameter.
Products | Zoneminder |
Type | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') (CWE-89) |
First patch | - None (likely due to unavailable code) |
Links |
• https://www.seebug.org/vuldb/ssvid-97761
• https://github.com/LoRexxar/CVE_Request/tree/master/zoneminder%20vul%20before%20v1.32.3#skinsclassicviewseventsphp-line-44-sql-injection |