Showing 1 - 1 of 1

CVE-2022-39291

Status Candidate

Overview

ZoneMinder is a free, open source Closed-circuit television software application. Affected versions of zoneminder are subject to a vulnerability which allows users with "View" system permissions to inject new data into the logs stored by Zoneminder. This was observed through an HTTP POST request containing log information to the "/zm/index.php" endpoint. Submission is not rate controlled and could affect database performance and/or consume all storage resources. Users are advised to upgrade. There are no known workarounds for this issue.

Related Files

Zoneminder Log Injection / XSS / Cross Site Request Forgery: Posted Mar 27, 2023; Authored by Trenches Of IT; Zoneminder versions prior to 1.37.24 suffers from log injection, persistent cross site scripting, and cross site request forgery bypass vulnerabilities.; tags | exploit, vulnerability, xss, csrf; advisories | CVE-2022-39285, CVE-2022-39290, CVE-2022-39291; SHA-256 | 7f2d7b2109effa89c42426fb2a37d2db4477afb6d83762ad9be8fd5a6f74a537; Download | Favorite | View

Page 1 of 1 Back 1 Next

Top Authors In Last 30 Days

Red Hat 243 files
Ubuntu 85 files
Gentoo 31 files
Debian 17 files
tmrswrr 8 files
Sina Kheirkhah 7 files
Rodolfo Tavares 4 files
nu11secur1ty 3 files
bRpsd 3 files
Jerry Thomas 2 files

File Archives

Systems

AIX (429)
Apple (2,090)
BSD (376)
CentOS (58)
Cisco (1,927)
Debian (7,082)
Fedora (1,693)
FreeBSD (1,246)
Gentoo (4,531)
HPUX (880)
iOS (376)
iPhone (108)
IRIX (220)
Juniper (69)
Linux (50,448)
Mac OS X (691)
Mandriva (3,105)
NetBSD (256)
OpenBSD (489)
RedHat (16,344)
Slackware (941)
Solaris (1,611)
SUSE (1,444)
Ubuntu (9,672)
UNIX (9,427)
UnixWare (187)
Windows (6,666)
Other

CVE-2022-39291

Overview

Related Files

File Archive:

July 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems