Back to CVE Browser

CVE-2018-1000833

CRITICAL

9.8

CVSS Severity Score

EPSS Score0.0220%

EPSS Percentile29.67th

PublishedDec 20, 2018

Last ModifiedNov 21, 2024

Vulnerability Description

ZoneMinder version <= 1.32.2 contains a Other/Unknown vulnerability in User-controlled parameter that can result in Disclosure of confidential data, denial of service, SSRF, remote code execution.

Affected Platforms (CPE)

📦

Zoneminder

Zoneminder

<= 1.32.2

References & Advisories

🔗 https://0dd.zone/2018/10/28/zoneminder-Object-Injection-2/

🔗 https://github.com/ZoneMinder/zoneminder/issues/2272

🔗 https://0dd.zone/2018/10/28/zoneminder-Object-Injection-2/

🔗 https://github.com/ZoneMinder/zoneminder/issues/2272

Related Vulnerabilities

CVE-2008-388210.0

Unspecified "Command Injection" vulnerability in ZoneMinder 1.23.3 and earlier allows remote attackers to execute arbitrary comman...

CVE-2019-84239.8

ZoneMinder through 1.32.3 has SQL Injection via the skins/classic/views/events.php filter[Query][terms][0][cnj] parameter.

CVE-2019-69919.8

A classic Stack-based buffer overflow exists in the zmLoadUser() function in zm_user.cpp of the zmu binary in ZoneMinder through 1...

CVE-2018-10008329.8

ZoneMinder version <= 1.32.2 contains a Other/Unknown vulnerability in User-controlled parameter that can result in Disclosure of ...