CVE-2024-43360

ZoneMinder is a free, open source closed-circuit television software application. ZoneMinder is affected by a time-based SQL Injection vulnerability. This vulnerability is fixed in 1.36.34 and 1.37.61.
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:zoneminder:zoneminder:*:*:*:*:*:*:*:*
cpe:2.3:a:zoneminder:zoneminder:*:*:*:*:*:*:*:*

History

04 Sep 2024, 21:42

Type Values Removed Values Added
CPE cpe:2.3:a:zoneminder:zoneminder:*:*:*:*:*:*:*:*
First Time Zoneminder zoneminder
Zoneminder
References () https://github.com/ZoneMinder/zoneminder/commit/677f6a31551f128554f7b0110a52fd76453a657a - () https://github.com/ZoneMinder/zoneminder/commit/677f6a31551f128554f7b0110a52fd76453a657a - Patch
References () https://github.com/ZoneMinder/zoneminder/commit/a194fe81d34c5eea2ab1dc18dc8df615fca634a6 - () https://github.com/ZoneMinder/zoneminder/commit/a194fe81d34c5eea2ab1dc18dc8df615fca634a6 - Patch
References () https://github.com/ZoneMinder/zoneminder/commit/bb07118118e23b5670c2c18be8be2cc6b8529397 - () https://github.com/ZoneMinder/zoneminder/commit/bb07118118e23b5670c2c18be8be2cc6b8529397 - Patch
References () https://github.com/ZoneMinder/zoneminder/commit/de8f387207e9c506e8e8007eda725741a25601c5 - () https://github.com/ZoneMinder/zoneminder/commit/de8f387207e9c506e8e8007eda725741a25601c5 - Patch
References () https://github.com/ZoneMinder/zoneminder/security/advisories/GHSA-9cmr-7437-v9fj - () https://github.com/ZoneMinder/zoneminder/security/advisories/GHSA-9cmr-7437-v9fj - Exploit, Vendor Advisory

13 Aug 2024, 12:58

Type Values Removed Values Added
Summary
  • (es) ZoneMinder es una aplicación de software de circuito cerrado de televisión de código abierto y gratuita. ZoneMinder se ve afectado por una vulnerabilidad de inyección SQL basada en el tiempo. Esta vulnerabilidad se solucionó en 1.36.34 y 1.37.61.

12 Aug 2024, 21:15

Type Values Removed Values Added
New CVE

Information

Published : 2024-08-12 21:15

Updated : 2024-09-04 21:42


NVD link : CVE-2024-43360

Mitre link : CVE-2024-43360

CVE.ORG link : CVE-2024-43360


JSON object : View

Products Affected

zoneminder

  • zoneminder
CWE
CWE-89

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')