CVE-2019-8423: SQL Injection
First published: Mon Feb 18 2019(Updated: )
ZoneMinder through 1.32.3 has SQL Injection via the skins/classic/views/events.php filter[Query][terms][0][cnj] parameter.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Zoneminder Zoneminder | <=1.32.3 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the vulnerability ID for ZoneMinder?
The vulnerability ID for ZoneMinder is CVE-2019-8423.
What is the severity of CVE-2019-8423?
The severity of CVE-2019-8423 is critical with a CVSS score of 9.8.
How does the SQL Injection occur in ZoneMinder?
The SQL Injection occurs via the filter[Query][terms][0][cnj] parameter in skins/classic/views/events.php in ZoneMinder before version 1.32.3.
What is the affected software version of ZoneMinder?
ZoneMinder version 1.32.3 and earlier are affected by this vulnerability.
Is there any fix available for CVE-2019-8423?
Yes, upgrading to ZoneMinder version 1.32.4 or later will fix the vulnerability.
- collector/nvd-index
- agent/severity
- agent/weakness
- agent/references
- agent/author
- agent/tags
- agent/type
- agent/event
- agent/description
- agent/last-modified-date
- agent/first-publish-date
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- vendor/zoneminder
- canonical/zoneminder zoneminder
- version/zoneminder zoneminder/1.32.3