← volver
CVE-2024-51482

Boolean-based SQL Injection in ZoneMinder v1.37.* <= 1.37.64

CVSS 10 CRITICALEPSS 36.9%CWE-89
ZoneMinder is a free, open source closed-circuit television software application. ZoneMinder v1.37.* <= 1.37.64 is vulnerable to boolean-based SQL Injection in function of web/ajax/event.php. This is fixed in 1.37.65.
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
Productos afectados
ZoneMinder · zoneminder
PoCs públicas encontradas9
githubgithub.com/plur1bu5/CVE-2024-51482-PoC14githubgithub.com/BridgerAlderson/CVE-2024-514828githubgithub.com/0xDaeras/CVE-2024-51482-POC7githubgithub.com/Erhui-Li/CVE-2024-51482-ZoneMinder-CCTV-HTB-Reliable-EXP0githubgithub.com/Revnin/CCTV-MACHINE0githubgithub.com/BwithE/CVE-2024-514820githubgithub.com/mattiapertusati/htb-cctv0githubgithub.com/Ravi-lk/CVE-2024-51482-ZoneMinder-v1.37.-1.37.64-SQL-Injection-POC0githubgithub.com/lnn0v4/sqli-hunter-CVE-2024-51482-PoC0
⚠ Recursos públicos, para evaluar la exposición de sistemas que controlas o estás autorizado a probar. Prueba solo con autorización.

¿Quieres saber si tu infraestructura está expuesta a esto?

Hablar con TrueHacking →
Referencias
https://github.com/ZoneMinder/zoneminder/commit/9e7d31841ed9678a7dd06869037686fc9925e59fhttps://github.com/ZoneMinder/zoneminder/security/advisories/GHSA-qm8h-3xvf-m7j3