CVE-2019-8428

Опубликовано: 18 фев. 2019

Источник: debian

Описание

ZoneMinder before 1.32.3 has SQL Injection via the skins/classic/views/control.php groupSql parameter, as demonstrated by a newGroup[MonitorIds][] value.

Пакеты

Пакет	Статус	Версия исправления	Релиз	Тип
zoneminder	fixed	1.34.6-1		package

Примечания

See README.Debian.security, only supported behind an authenticated HTTP zone
https://github.com/ZoneMinder/zoneminder/pull/2422
https://github.com/ZoneMinder/zoneminder/commit/c0a6e54d60d3a8f297cc5f2ef6a862f6f00d746e

Связанные уязвимости

CVE-2019-8428

CVSS3: 9.8

ubuntu

почти 7 лет назад

ZoneMinder before 1.32.3 has SQL Injection via the skins/classic/views/control.php groupSql parameter, as demonstrated by a newGroup[MonitorIds][] value.

CVE-2019-8428

CVSS3: 9.8

nvd

почти 7 лет назад

ZoneMinder before 1.32.3 has SQL Injection via the skins/classic/views/control.php groupSql parameter, as demonstrated by a newGroup[MonitorIds][] value.

GHSA-7f2f-855w-j2r6

CVSS3: 9.8

github

больше 3 лет назад

ZoneMinder before 1.32.3 has SQL Injection via the skins/classic/views/control.php groupSql parameter, as demonstrated by a newGroup[MonitorIds][] value.