First published: Mon Feb 18 2019(Updated: )
ZoneMinder before 1.32.3 has SQL Injection via the ajax/status.php sort parameter.
Credit: cve@mitre.org cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
Zoneminder Zoneminder | <1.32.3 | |
<1.32.3 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
The vulnerability ID for this issue is CVE-2019-8424.
The severity of CVE-2019-8424 is classified as critical with a severity value of 9.8.
This vulnerability can be exploited through a SQL Injection attack via the ajax/status.php sort parameter in ZoneMinder before version 1.32.3.
ZoneMinder versions up to, but excluding, 1.32.3 are affected by CVE-2019-8424.
Yes, the fix for CVE-2019-8424 is to update ZoneMinder to version 1.32.3 or later.