CVSS: 9.9EPSS: 0%CPEs: 1EXPL: 0CVE-2024-51482 – Boolean-based SQL Injection in ZoneMinder v1.37.* <= 1.37.64
https://notcve.org/view.php?id=CVE-2024-51482
ZoneMinder is a free, open source closed-circuit television software application. ZoneMinder v1.37.* <= 1.37.64 is vulnerable to boolean-based SQL Injection in function of web/ajax/event.php. This is fixed in 1.37.64. ZoneMinder is a free, open source closed-circuit television software application. ZoneMinder v1.37.* <= 1.37.64 is vulnerable to boolean-based SQL Injection in function of web/ajax/event.php. • https://github.com/ZoneMinder/zoneminder/commit/9e7d31841ed9678a7dd06869037686fc9925e59f https://github.com/ZoneMinder/zoneminder/security/advisories/GHSA-qm8h-3xvf-m7j3 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 9.8EPSS: 5%CPEs: 2EXPL: 0CVE-2024-43360 – ZoneMinder Time-based SQL Injection
https://notcve.org/view.php?id=CVE-2024-43360
ZoneMinder is a free, open source closed-circuit television software application. ZoneMinder is affected by a time-based SQL Injection vulnerability. This vulnerability is fixed in 1.36.34 and 1.37.61. • https://github.com/ZoneMinder/zoneminder/commit/677f6a31551f128554f7b0110a52fd76453a657a https://github.com/ZoneMinder/zoneminder/commit/a194fe81d34c5eea2ab1dc18dc8df615fca634a6 https://github.com/ZoneMinder/zoneminder/commit/bb07118118e23b5670c2c18be8be2cc6b8529397 https://github.com/ZoneMinder/zoneminder/commit/de8f387207e9c506e8e8007eda725741a25601c5 https://github.com/ZoneMinder/zoneminder/security/advisories/GHSA-9cmr-7437-v9fj • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 0EPSS: 0%CPEs: 2EXPL: 0CVE-2024-43359 – XSS vulnerabilities in montagereview
https://notcve.org/view.php?id=CVE-2024-43359
ZoneMinder is a free, open source closed-circuit television software application. ZoneMinder has a cross-site scripting vulnerability in the montagereview via the displayinterval, speed, and scale parameters. This vulnerability is fixed in 1.36.34 and 1.37.61. • https://github.com/ZoneMinder/zoneminder/commit/6cc64dddff6144a98680f65ecf8dc249028431af https://github.com/ZoneMinder/zoneminder/commit/b51c5df0cb869ca48fccfc6e6fd7c19bf717ecd2 https://github.com/ZoneMinder/zoneminder/security/advisories/GHSA-pjjm-3qxp-6hj8 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 2EXPL: 0CVE-2024-43358 – XSS vulnerability in filter view
https://notcve.org/view.php?id=CVE-2024-43358
ZoneMinder is a free, open source closed-circuit television software application. ZoneMinder has a cross-site scripting vulnerability in the filter view via the filter[Id]. This vulnerability is fixed in 1.36.34 and 1.37.61. • https://github.com/ZoneMinder/zoneminder/commit/062cf568a33fb6a8604ec327b1de8bb2e0d1ff77 https://github.com/ZoneMinder/zoneminder/commit/4602cd0470a3b90b18bcc44b3c86d963872d1ba0 https://github.com/ZoneMinder/zoneminder/security/advisories/GHSA-6rrw-66rf-6g5f • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.1EPSS: 0%CPEs: 1EXPL: 0CVE-2023-41884 – ZoneMinder Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') in watch.php
https://notcve.org/view.php?id=CVE-2023-41884
ZoneMinder is a free, open source Closed-circuit television software application. In WWW/AJAX/watch.php, Line: 51 takes a few parameter in sql query without sanitizing it which makes it vulnerable to sql injection. This vulnerability is fixed in 1.36.34. • https://github.com/ZoneMinder/zoneminder/commit/677f6a31551f128554f7b0110a52fd76453a657a https://github.com/ZoneMinder/zoneminder/commit/a194fe81d34c5eea2ab1dc18dc8df615fca634a6 https://github.com/ZoneMinder/zoneminder/security/advisories/GHSA-2qp3-fwpv-mc96 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •