Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2019-8423 | PUBLISHED: 2019-02-18 | ZoneMinder through 1.32.3 has SQL Injection via the skins/classic/views/events.php filter[Query][terms][0][cnj] parameter.
CVE-2019-8424 | PUBLISHED: 2019-02-18 | ZoneMinder before 1.32.3 has SQL Injection via the ajax/status.php sort parameter.
CVE-2019-8425 | PUBLISHED: 2019-02-18 | includes/database.php in ZoneMinder before 1.32.3 has XSS in the construction of SQL-ERR messages.
CVE-2019-8426 | PUBLISHED: 2019-02-18 | skins/classic/views/controlcap.php in ZoneMinder before 1.32.3 has XSS via the newControl array, as demonstrated by the newControl[MinTiltRange] parameter.
CVE-2019-8427 | PUBLISHED: 2019-02-18 | daemonControl in includes/functions.php in ZoneMinder before 1.32.3 allows command injection via shell metacharacters.