CVSS: 6.5EPSS: 0%CPEs: 2EXPL: 1CVE-2023-26038 – ZoneMinder contains Local File Inclusion vulnerability via `web/ajax/modal.php`
https://notcve.org/view.php?id=CVE-2023-26038
ZoneMinder is a free, open source Closed-circuit television software application for Linux which supports IP, USB and Analog cameras. Versions prior to 1.36.33 and 1.37.33 contain a Local File Inclusion (Untrusted Search Path) vulnerability via web/ajax/modal.php, where an arbitrary php file path can be passed in the request and loaded. This issue is patched in versions 1.36.33 and 1.37.33. • https://github.com/ZoneMinder/zoneminder/security/advisories/GHSA-wrx3-r8c4-r24w • CWE-426: Untrusted Search Path •
CVSS: 9.8EPSS: 0%CPEs: 2EXPL: 0CVE-2023-26037 – ZoneMinder contains SQL Injection via report_event_audit
https://notcve.org/view.php?id=CVE-2023-26037
ZoneMinder is a free, open source Closed-circuit television software application for Linux which supports IP, USB and Analog cameras. Versions prior to 1.36.33 and 1.37.33 contain an SQL Injection. The minTime and maxTime request parameters are not properly validated and could be used execute arbitrary SQL. This issue is fixed in versions 1.36.33 and 1.37.33. • https://github.com/ZoneMinder/zoneminder/security/advisories/GHSA-65jp-2hj3-3733 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 9.8EPSS: 0%CPEs: 2EXPL: 1CVE-2023-26036 – ZoneMinder contains Local File Inclusion vulnerability
https://notcve.org/view.php?id=CVE-2023-26036
ZoneMinder is a free, open source Closed-circuit television software application for Linux which supports IP, USB and Analog cameras. Versions prior to 1.36.33 and 1.37.33 contain a Local File Inclusion (Untrusted Search Path) vulnerability via /web/index.php. By controlling $view, any local file ending in .php can be executed. This is supposed to be mitigated by calling detaintPath, however dentaintPath does not properly sandbox the path. This can be exploited by constructing paths like "..././", which get replaced by "../". • https://github.com/ZoneMinder/zoneminder/security/advisories/GHSA-h5m9-6jjc-cgmw • CWE-426: Untrusted Search Path •
CVSS: 9.8EPSS: 96%CPEs: 2EXPL: 3CVE-2023-26035 – ZoneMinder vulnerable to Missing Authorization
https://notcve.org/view.php?id=CVE-2023-26035
ZoneMinder is a free, open source Closed-circuit television software application for Linux which supports IP, USB and Analog cameras. Versions prior to 1.36.33 and 1.37.33 are vulnerable to Unauthenticated Remote Code Execution via Missing Authorization. There are no permissions check on the snapshot action, which expects an id to fetch an existing monitor but can be passed an object to create a new one instead. TriggerOn ends up calling shell_exec using the supplied Id. This issue is fixed in This issue is fixed in versions 1.36.33 and 1.37.33. • https://github.com/rvizx/CVE-2023-26035 https://github.com/heapbytes/CVE-2023-26035 https://github.com/Yuma-Tsushima07/CVE-2023-26035 http://packetstormsecurity.com/files/175675/ZoneMinder-Snapshots-Command-Injection.html https://github.com/ZoneMinder/zoneminder/security/advisories/GHSA-72rg-h4vf-29gr • CWE-862: Missing Authorization •
CVSS: 9.6EPSS: 0%CPEs: 2EXPL: 1CVE-2023-26034 – ZoneMinder SQL Injection
https://notcve.org/view.php?id=CVE-2023-26034
ZoneMinder is a free, open source Closed-circuit television software application for Linux which supports IP, USB and Analog cameras. Versions prior to 1.36.33 and 1.37.33 are affected by a SQL Injection vulnerability. The (blind) SQL Injection vulnerability is present within the `filter[Query][terms][0][attr]` query string parameter of the `/zm/index.php` endpoint. A user with the View or Edit permissions of Events may execute arbitrary SQL. The resulting impact can include unauthorized data access (and modification), authentication and/or authorization bypass, and remote code execution. • https://github.com/ZoneMinder/zoneminder/security/advisories/GHSA-222j-wh8m-xjrx • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •