CVE-2019-7351
First published: Mon Feb 04 2019(Updated: )
Log Injection exists in ZoneMinder through 1.32.3, as an attacker can entice the victim to visit a specially crafted link, which in turn will inject a custom Log message provided by the attacker in the 'log' view page, as demonstrated by the message=User%20'admin'%20Logged%20in value.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Zoneminder Zoneminder | <=1.32.3 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the vulnerability ID for this Log Injection vulnerability?
The vulnerability ID for this Log Injection vulnerability is CVE-2019-7351.
What is the severity of CVE-2019-7351?
The severity of CVE-2019-7351 is medium with a CVSS score of 6.5.
How does Log Injection occur in ZoneMinder?
Log Injection occurs in ZoneMinder when an attacker tricks a victim into visiting a specially crafted link that injects a customized log message.
Which version of ZoneMinder is affected by CVE-2019-7351?
ZoneMinder versions up to and including 1.32.3 are affected by CVE-2019-7351.
Is there a fix available for CVE-2019-7351?
Yes, upgrading to a version later than 1.32.3 of ZoneMinder resolves the Log Injection vulnerability.
- collector/nvd-index
- agent/weakness
- agent/references
- agent/tags
- agent/type
- agent/event
- agent/severity
- agent/author
- agent/description
- agent/last-modified-date
- agent/softwarecombine
- agent/first-publish-date
- collector/mitre-cve
- source/MITRE
- vendor/zoneminder
- canonical/zoneminder zoneminder
- version/zoneminder zoneminder/1.32.3