CVE-2023-26034 – ZoneMinder SQL Injection
https://notcve.org/view.php?id=CVE-2023-26034
ZoneMinder is a free, open source Closed-circuit television software application for Linux which supports IP, USB and Analog cameras. Versions prior to 1.36.33 and 1.37.33 are affected by a SQL Injection vulnerability. The (blind) SQL Injection vulnerability is present within the `filter[Query][terms][0][attr]` query string parameter of the `/zm/index.php` endpoint. A user with the View or Edit permissions of Events may execute arbitrary SQL. The resulting impact can include unauthorized data access (and modification), authentication and/or authorization bypass, and remote code execution. • https://github.com/ZoneMinder/zoneminder/security/advisories/GHSA-222j-wh8m-xjrx • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVE-2023-26032 – ZoneMinder contains SQL injection via malicious Jason Web Token
https://notcve.org/view.php?id=CVE-2023-26032
ZoneMinder is a free, open source Closed-circuit television software application for Linux which supports IP, USB and Analog cameras. Versions prior to 1.36.33 and 1.37.33 contain SQL Injection via malicious jason web token. The Username field of the JWT token was trusted when performing an SQL query to load the user. If an attacker could determine the HASH key used by ZoneMinder, they could generate a malicious JWT token and use it to execute arbitrary SQL. This issue is fixed in versions 1.36.33 and 1.37.33. • https://github.com/ZoneMinder/zoneminder/security/advisories/GHSA-6c72-q9mw-mwx9 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVE-2023-25825 – ZoneMinder contains Cross-site Scripting via log viewing
https://notcve.org/view.php?id=CVE-2023-25825
ZoneMinder is a free, open source Closed-circuit television software application for Linux which supports IP, USB and Analog cameras. Versions prior to 1.36.33 are vulnerable to Cross-site Scripting. Log entries can be injected into the database logs, containing a malicious referrer field. This is unescaped when viewing the logs in the web ui. This issue is patched in version 1.36.33. • https://github.com/ZoneMinder/zoneminder/commit/4637eaf9ea530193e0897ec48899f5638bdd6d81 https://github.com/ZoneMinder/zoneminder/commit/57bf25d39f12d620693f26068b8441b4f3f0b6c0 https://github.com/ZoneMinder/zoneminder/commit/e1028c1d7f23cc1e0941b7b37bb6ae5a04364308 https://github.com/ZoneMinder/zoneminder/security/advisories/GHSA-68vf-g4qm-jr6v • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2022-30768
https://notcve.org/view.php?id=CVE-2022-30768
A Stored Cross Site Scripting (XSS) issue in ZoneMinder 1.36.12 allows an attacker to execute HTML or JavaScript code via the Username field when an Admin (or non-Admin users that can see other users logged into the platform) clicks on Logout. NOTE: this exists in later versions than CVE-2019-7348 and requires a different attack method. Un problema de Cross Site Scripting (XSS) almacenado en ZoneMinder 1.36.12 permite a un atacante ejecutar código HTML o JavaScript a través del campo Nombre de Usuario cuando un Administrador (o usuarios no Administradores que pueden ver a otros usuarios conectados a la plataforma) hacen clic en Cerrar Sesión. NOTA: esto existe en versiones posteriores a CVE-2019-7348 y requiere un método de ataque diferente. • https://github.com/ZoneMinder/zoneminder/releases https://medium.com/%40dk50u1/stored-xss-in-zoneminder-up-to-v1-36-12-f26b4bb68c31 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2022-30769
https://notcve.org/view.php?id=CVE-2022-30769
Session fixation exists in ZoneMinder through 1.36.12 as an attacker can poison a session cookie to the next logged-in user. La fijación de sesiones existe en ZoneMinder hasta la versión 1.36.12, ya que un atacante puede envenenar una cookie de sesión para el siguiente usuario que haya iniciado sesión. • https://github.com/ZoneMinder/zoneminder/releases https://medium.com/%40dk50u1/session-fixation-in-zoneminder-up-to-v1-36-12-3c850b1fbbf3 • CWE-384: Session Fixation •