返回 CVE 浏览器

CVE-2019-8423

CRITICAL

9.8

CVSS Severity Score

EPSS Score0.1380%

EPSS Percentile35.69th

Published2019年2月18日

Last Modified2024年11月21日

Vulnerability Description

ZoneMinder through 1.32.3 has SQL Injection via the skins/classic/views/events.php filter[Query][terms][0][cnj] parameter.

Affected Platforms (CPE)

📦

Zoneminder

Zoneminder

<= 1.32.3

References & Advisories

🔗 https://github.com/LoRexxar/CVE_Request/tree/master/zoneminder%20vul%20before%20v1.32.3#skinsclassicviewseventsphp-line-44-sql-injection

🔗 https://www.seebug.org/vuldb/ssvid-97761

🔗 https://github.com/LoRexxar/CVE_Request/tree/master/zoneminder%20vul%20before%20v1.32.3#skinsclassicviewseventsphp-line-44-sql-injection

🔗 https://www.seebug.org/vuldb/ssvid-97761

相关漏洞威胁

CVE-2008-388210.0

Unspecified "Command Injection" vulnerability in ZoneMinder 1.23.3 and earlier allows remote attackers to execute arbitrary comman...

CVE-2018-10008329.8

ZoneMinder version <= 1.32.2 contains a Other/Unknown vulnerability in User-controlled parameter that can result in Disclosure of ...

CVE-2018-10008339.8

ZoneMinder version <= 1.32.2 contains a Other/Unknown vulnerability in User-controlled parameter that can result in Disclosure of ...

CVE-2019-69919.8

A classic Stack-based buffer overflow exists in the zmLoadUser() function in zm_user.cpp of the zmu binary in ZoneMinder through 1...