CVE-2024-43360
CVSS 3.1 Score 9.8 of 10 (high)
Details
Published Aug 12, 2024
Updated: Sep 4, 2024
CWE ID 89
Summary
CVE-2024-43360 is a time-based SQL injection vulnerability affecting ZoneMinder, an open-source closed-circuit television software application. Maliciously crafted requests can manipulate the application's SQL queries, potentially leading to unauthorized access to sensitive data or system takeover. This issue has been resolved in versions 1.36.34 and 1.37.61. Users are encouraged to upgrade to these versions to mitigate the risk.
Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.
Share
Affected Products
- ZoneMinder
Affected Vendors
- Zoneminder