CVE-2024-43360

CVSS 3.1 Score 9.8 of 10 (high)

Details

Published Aug 12, 2024
Updated: Sep 4, 2024
CWE ID 89

Summary

CVE-2024-43360 is a time-based SQL injection vulnerability affecting ZoneMinder, an open-source closed-circuit television software application. Maliciously crafted requests can manipulate the application's SQL queries, potentially leading to unauthorized access to sensitive data or system takeover. This issue has been resolved in versions 1.36.34 and 1.37.61. Users are encouraged to upgrade to these versions to mitigate the risk.

Ligh bulbPrevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Share