
CVE-2022-39291


ZoneMinder is a free, open source closed-circuit television software application. Affected versions of ZoneMinder are subject to a vulnerability which allows users with "View" system permissions to inject new data into the logs stored by ZoneMinder. This was observed through an HTTP POST request containing log information to the "/zm/index.php" endpoint. Submission is not rate controlled and could affect database performance and/or consume all storage resources. Users are advised to upgrade. There are no known workarounds for this issue.


Published

2022-10-07T21:15:11.770

Last Modified

2024-11-21T07:17:58.230

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 5.4 (MEDIUM)

Weaknesses
  • Type: Primary
    CWE-20

Affected Vendors & Products
| Type | Vendor | Product | Version/Range | Vulnerable? |
|---|---|---|---|---|
| Application | zoneminder | zoneminder | < 1.36.27 | Yes |
| Application | zoneminder | zoneminder | < 1.37.24 | Yes |
