Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2024-43360

ZoneMinder is a free, open source closed-circuit television software application. ZoneMinder is affected by a time-based SQL Injection vulnerability. This vulnerability is fixed in 1.36.34 and 1.37.61.

Published

2024-08-12T21:15:33.813

Last Modified

2024-09-04T21:42:20.023

Status

Analyzed

Source

[email protected]

Severity

CVSSv3.1: 9.8 (CRITICAL)

Weaknesses

Type: Secondary
CWE-89
Type: Primary
CWE-89

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	zoneminder	zoneminder	< 1.36.34	Yes
Application	zoneminder	zoneminder	< 1.37.61	Yes

References

https://github.com/ZoneMinder/zoneminder/commit/677f6a31551f128554f7b0110a52fd76453a657a Patch ([email protected])
https://github.com/ZoneMinder/zoneminder/commit/a194fe81d34c5eea2ab1dc18dc8df615fca634a6 Patch ([email protected])
https://github.com/ZoneMinder/zoneminder/commit/bb07118118e23b5670c2c18be8be2cc6b8529397 Patch ([email protected])
https://github.com/ZoneMinder/zoneminder/commit/de8f387207e9c506e8e8007eda725741a25601c5 Patch ([email protected])
https://github.com/ZoneMinder/zoneminder/security/advisories/GHSA-9cmr-7437-v9fj Exploit, Vendor Advisory ([email protected])