Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
ZoneMinder SQL Injection
Vulnerability Description
ZoneMinder is a free, open source Closed-circuit television software application for Linux which supports IP, USB and Analog cameras. Versions prior to 1.36.33 and 1.37.33 are affected by a SQL Injection vulnerability. The (blind) SQL Injection vulnerability is present within the `filter[Query][terms][0][attr]` query string parameter of the `/zm/index.php` endpoint. A user with the View or Edit permissions of Events may execute arbitrary SQL. The resulting impact can include unauthorized data access (and modification), authentication and/or authorization bypass, and remote code execution.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:N
Vulnerability Type
SQL命令中使用的特殊元素转义处理不恰当(SQL注入)
Vulnerability Title
ZoneMinder SQL注入漏洞
Vulnerability Description
ZoneMinder是一套开源的视频监控软件系统。该系统支持IP、USB和模拟摄像机等。 ZoneMinder 1.36.33之前版本和1.37.33之前版本存在安全漏洞,该漏洞源于存在SQL注入漏洞,攻击者利用该漏洞可能进行未经授权的数据访问和修改、授权绕过以及远程执行代码。
CVSS Information
N/A
Vulnerability Type
N/A