CVE-2019-8424
https://notcve.org/view.php?id=CVE-2019-8424
ZoneMinder before 1.32.3 has SQL Injection via the ajax/status.php sort parameter.
• https://github.com/LoRexxar/CVE_Request/tree/master/zoneminder%20vul%20before%20v1.32.3#ajaxstatusphp-line-276-orderby-sql-injection
• https://www.seebug.org/vuldb/ssvid-97763
• CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2019-8428
https://notcve.org/view.php?id=CVE-2019-8428
ZoneMinder before 1.32.3 has SQL Injection via the skins/classic/views/control.php groupSql parameter, as demonstrated by a newGroup[MonitorIds][] value.
• https://github.com/LoRexxar/CVE_Request/tree/master/zoneminder%20vul%20before%20v1.32.3#skinsclassicviewscontrolphp-line-35-second-order-sqli
• https://www.seebug.org/vuldb/ssvid-97765
• CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2019-8429
https://notcve.org/view.php?id=CVE-2019-8429
ZoneMinder before 1.32.3 has SQL Injection via the ajax/status.php filter[Query][terms][0][cnj] parameter.
• https://github.com/LoRexxar/CVE_Request/tree/master/zoneminder%20vul%20before%20v1.32.3#ajaxstatusphp-line-393-sql-injection
• https://www.seebug.org/vuldb/ssvid-97762
• CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2019-8427
https://notcve.org/view.php?id=CVE-2019-8427
daemonControl in includes/functions.php in ZoneMinder before 1.32.3 allows command injection via shell metacharacters.
• https://github.com/LoRexxar/CVE_Request/tree/master/zoneminder%20vul%20before%20v1.32.3#includesfunctionsphp-daemoncontrol-command-injection
• CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2019-8426
https://notcve.org/view.php?id=CVE-2019-8426
skins/classic/views/controlcap.php in ZoneMinder before 1.32.3 has XSS via the newControl array, as demonstrated by the newControl[MinTiltRange] parameter.
• https://github.com/LoRexxar/CVE_Request/tree/master/zoneminder%20vul%20before%20v1.32.3#skinsclassicviewscontrolcapphp-reflected-xss
• https://www.seebug.org/vuldb/ssvid-97766
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')