Boolean-based SQL Injection in ZoneMinder v1.37.* <= 1.37.64

ZoneMinder is a free, open source closed-circuit television software application. ZoneMinder v1.37.* <= 1.37.64 is vulnerable to boolean-based SQL Injection in function of web/ajax/event.php. This is fixed in 1.37.65.

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

SQL命令中使用的特殊元素转义处理不恰当(SQL注入)

ZoneMinder SQL注入漏洞

ZoneMinder是ZoneMinder开源的一套开源的视频监控软件系统。该系统支持IP、USB和模拟摄像机等。 ZoneMinder 1.37.64及之前1.37.X版本存在SQL注入漏洞，该漏洞源于web/ajax/event.php容易受到基于布尔值的SQL注入的攻击。

N/A

N/A