First published: Mon Feb 18 2019(Updated: )
ZoneMinder through 1.32.3 has SQL Injection via the skins/classic/views/events.php filter[Query][terms][0][cnj] parameter.
Credit: cve@mitre.org cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
Zoneminder Zoneminder | <=1.32.3 | |
<=1.32.3 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
The vulnerability ID for ZoneMinder is CVE-2019-8423.
The severity of CVE-2019-8423 is critical with a CVSS score of 9.8.
The SQL Injection occurs via the filter[Query][terms][0][cnj] parameter in skins/classic/views/events.php in ZoneMinder before version 1.32.3.
ZoneMinder version 1.32.3 and earlier are affected by this vulnerability.
Yes, upgrading to ZoneMinder version 1.32.4 or later will fix the vulnerability.