CVE-2022-39290 – CSRF key bypass using HTTP methods in zoneminder
https://notcve.org/view.php?id=CVE-2022-39290
ZoneMinder is a free, open source closed-circuit television software application. In affected versions authenticated users can bypass CSRF keys by modifying the request supplied to the ZoneMinder web application. These modifications include replacing HTTP POST with an HTTP GET and removing the CSRF key from the request. An attacker can take advantage of this by using an HTTP GET request to perform actions with no CSRF protection. This could allow an attacker to cause an authenticated user to perform unexpected actions on the web application. • https://www.exploit-db.com/exploits/51071 http://packetstormsecurity.com/files/171498/Zoneminder-Log-Injection-XSS-Cross-Site-Request-Forgery.html https://github.com/ZoneMinder/zoneminder/commit/c0a4c05e84eea0f6ccf7169c014efe5422c9ba0d https://github.com/ZoneMinder/zoneminder/security/advisories/GHSA-xgv6-qv6c-399q • CWE-287: Improper Authentication •
CVE-2022-39289 – Database log access in ZoneMinder
https://notcve.org/view.php?id=CVE-2022-39289
ZoneMinder is a free, open source closed-circuit television software application. In affected versions the ZoneMinder API exposes database log contents to users without privileges and allows insertion, modification, and deletion of logs without System privileges. Users are advised to upgrade as soon as possible. Users unable to upgrade should disable database logging. • https://github.com/ZoneMinder/zoneminder/commit/34ffd92bf123070cab6c83ad4cfe6297dd0ed0b4 https://github.com/ZoneMinder/zoneminder/security/advisories/GHSA-mpcx-3gvh-9488 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-287: Improper Authentication CWE-862: Missing Authorization •
CVE-2022-39285 – Stored Cross-Site Scripting Vulnerability In File Parameter in zoneminder
https://notcve.org/view.php?id=CVE-2022-39285
ZoneMinder is a free, open source closed-circuit television software application. The file parameter is vulnerable to cross-site scripting (XSS) by backing out of the current "tr" "td" brackets. This then allows a malicious user to provide code that will execute when a user views the specific log on the "view=log" page. This vulnerability allows an attacker to store code within the logs that will be executed when loaded by a legitimate user. These actions will be performed with the permission of the victim. This could lead to data loss and/or further exploitation including account takeover. • https://www.exploit-db.com/exploits/51071 http://packetstormsecurity.com/files/171498/Zoneminder-Log-Injection-XSS-Cross-Site-Request-Forgery.html https://github.com/ZoneMinder/zoneminder/commit/c0a4c05e84eea0f6ccf7169c014efe5422c9ba0d https://github.com/ZoneMinder/zoneminder/commit/d289eb48601a76e34feea3c1683955337b1fae59 https://github.com/ZoneMinder/zoneminder/security/advisories/GHSA-h6xp-cvwv-q433 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2022-29806 – ZoneMinder Language Settings Remote Code Execution
https://notcve.org/view.php?id=CVE-2022-29806
ZoneMinder before 1.36.13 allows remote code execution via an invalid language. Ability to create a debug log file at an arbitrary pathname contributes to exploitability. • http://packetstormsecurity.com/files/166980/ZoneMinder-Language-Settings-Remote-Code-Execution.html https://forums.zoneminder.com/viewtopic.php?t=31638 https://github.com/ZoneMinder/zoneminder/commit/9fee64b62fbdff5bf5ece1d617f1f53c7b1967cb https://github.com/ZoneMinder/zoneminder/releases/tag/1.36.13 https://krastanoel.com/cve/2022-29806 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •