First published: Sat Feb 25 2023
ZoneMinder is a free, open source closed-circuit television software application for Linux that supports IP, USB and analog cameras. Versions prior to 1.36.33 and 1.37.33 contain an SQL injection vulnerability. The minTime and maxTime request parameters are not properly validated and could be used to execute arbitrary SQL. This issue is fixed in versions 1.36.33 and 1.37.33.
Credit: security-advisories@github.com
Affected Software | Affected Version | How to fix |
---|---|---|
Zoneminder Zoneminder | <1.36.33 | |
Zoneminder Zoneminder | >=1.37.00 <1.37.33 | |
CVE-2023-26037 is a vulnerability in ZoneMinder, a free open-source CCTV software for Linux, that allows for SQL Injection.
CVE-2023-26037 affects ZoneMinder versions prior to 1.36.33 and 1.37.33, allowing an attacker to execute arbitrary SQL queries.
CVE-2023-26037 has a severity rating of 9.8 (Critical).
To fix CVE-2023-26037, upgrade ZoneMinder to version 1.36.33 or 1.37.33 or later.
More information about CVE-2023-26037 can be found in the ZoneMinder GitHub security advisory: https://github.com/ZoneMinder/zoneminder/security/advisories/GHSA-65jp-2hj3-3733
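
As a detection aid for the issue described above, the following added example (not code from ZoneMinder or from the advisory) scans web server access logs for minTime/maxTime values that are not plain timestamps. The accepted timestamp formats, the request paths and the log lines are assumptions constructed for illustration.

```python
import re
from datetime import datetime
from urllib.parse import parse_qsl

# Assumption: legitimate values are plain timestamps in one of these shapes.
ACCEPTED_FORMATS = ("%Y-%m-%d %H:%M:%S", "%Y-%m-%dT%H:%M:%S", "%Y-%m-%d")
WATCHED = {"mintime", "maxtime"}  # the two parameters named in the advisory
# Request field of a combined-format access log line: "METHOD target HTTP/x.y"
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

# Constructed log lines (documentation IP ranges, hypothetical request paths).
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Mar/2023:10:00:00 +0000] "GET /zm/index.php?'
    'minTime=2023-02-28+00%3A00%3A00&maxTime=2023-03-01+00%3A00%3A00 HTTP/1.1" 200 512',
    '198.51.100.7 - - [01/Mar/2023:10:00:05 +0000] "GET /zm/index.php?'
    'minTime=2023-02-28%27+OR+1%3D1&maxTime=2023-03-01 HTTP/1.1" 200 512',
    '192.0.2.10 - - [01/Mar/2023:10:00:09 +0000] "GET /zm/index.php?view=console HTTP/1.1" 200 128',
]

def is_plain_timestamp(value):
    """True only if the whole value parses as one of the accepted formats."""
    for fmt in ACCEPTED_FORMATS:
        try:
            datetime.strptime(value, fmt)
            return True
        except ValueError:
            continue
    return False

def suspicious_requests(lines):
    """Return (line_number, parameter, decoded_value) for each watched
    parameter whose URL-decoded value is not a plain timestamp."""
    hits = []
    for number, line in enumerate(lines, start=1):
        match = REQUEST_RE.search(line)
        if not match:
            continue
        query = match.group(1).partition("?")[2]
        for name, value in parse_qsl(query):
            if name.lower() in WATCHED and not is_plain_timestamp(value):
                hits.append((number, name, value))
    return hits

if __name__ == "__main__":
    for number, name, value in suspicious_requests(SAMPLE_LOG):
        print(f"line {number}: {name}={value!r}")
```

Access logs normally record only query-string parameters, so values sent in a POST body need application-level or WAF logging to be checked the same way.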