Zoneminder

Zoneminder

86 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
8.8

CVE-2026-27470

Exploit
  • EPSS 0.03%
  • Veröffentlicht 21.02.2026 08:05:01
  • Zuletzt bearbeitet 24.02.2026 14:48:36

ZoneMinder is a free, open source closed-circuit television software application. In versions 1.36.37 and below and 1.37.61 through 1.38.0, there is a second-order SQL Injection vulnerability in the web/ajax/status.php file within the getNearEvents()...

9.8

CVE-2025-65791

Exploit
  • EPSS 0.87%
  • Veröffentlicht 18.02.2026 00:00:00
  • Zuletzt bearbeitet 19.02.2026 15:53:43

ZoneMinder v1.36.34 is vulnerable to Command Injection in web/views/image.php. The application passes unsanitized user input directly to the exec() function.

9.9

CVE-2024-51482

  • EPSS 50.04%
  • Veröffentlicht 31.10.2024 18:15:05
  • Zuletzt bearbeitet 05.11.2024 14:15:14

ZoneMinder is a free, open source closed-circuit television software application. ZoneMinder v1.37.* <= 1.37.64 is vulnerable to boolean-based SQL Injection in function of web/ajax/event.php. This is fixed in 1.37.65.

6.6

CVE-2023-31493

Exploit
  • EPSS 1.43%
  • Veröffentlicht 15.10.2024 15:15:12
  • Zuletzt bearbeitet 27.05.2025 13:55:33

RCE (Remote Code Execution) exists in ZoneMinder through 1.36.33 as an attacker can create a new .php log file in language folder, while executing a crafted payload and escalate privileges allowing execution of any commands on the remote system.

9.8

CVE-2024-43360

Exploit
  • EPSS 59.7%
  • Veröffentlicht 12.08.2024 21:15:33
  • Zuletzt bearbeitet 04.09.2024 21:42:20

ZoneMinder is a free, open source closed-circuit television software application. ZoneMinder is affected by a time-based SQL Injection vulnerability. This vulnerability is fixed in 1.36.34 and 1.37.61.

6.1

CVE-2024-43359

  • EPSS 0.26%
  • Veröffentlicht 12.08.2024 21:15:33
  • Zuletzt bearbeitet 04.09.2024 21:43:09

ZoneMinder is a free, open source closed-circuit television software application. ZoneMinder has a cross-site scripting vulnerability in the montagereview via the displayinterval, speed, and scale parameters. This vulnerability is fixed in 1.36.34 an...

6.1

CVE-2024-43358

  • EPSS 1.32%
  • Veröffentlicht 12.08.2024 21:15:33
  • Zuletzt bearbeitet 04.09.2024 21:41:06

ZoneMinder is a free, open source closed-circuit television software application. ZoneMinder has a cross-site scripting vulnerability in the filter view via the filter[Id]. This vulnerability is fixed in 1.36.34 and 1.37.61.

6.5

CVE-2023-41884

Exploit
  • EPSS 0.36%
  • Veröffentlicht 12.08.2024 20:15:07
  • Zuletzt bearbeitet 13.09.2024 15:08:19

ZoneMinder is a free, open source Closed-circuit television software application. In WWW/AJAX/watch.php, Line: 51 takes a few parameter in sql query without sanitizing it which makes it vulnerable to sql injection. This vulnerability is fixed in 1.36...

8.2

CVE-2020-25730

  • EPSS 0.26%
  • Veröffentlicht 04.04.2024 08:15:06
  • Zuletzt bearbeitet 27.05.2025 13:59:27

Cross Site Scripting (XSS) vulnerability in ZoneMinder before version 1.34.21, allows remote attackers execute arbitrary code, escalate privileges, and obtain sensitive information via PHP_SELF component in classic/views/download.php.

6.5

CVE-2023-26038

Exploit
  • EPSS 0.41%
  • Veröffentlicht 25.02.2023 02:15:13
  • Zuletzt bearbeitet 21.11.2024 07:50:38

ZoneMinder is a free, open source Closed-circuit television software application for Linux which supports IP, USB and Analog cameras. Versions prior to 1.36.33 and 1.37.33 contain a Local File Inclusion (Untrusted Search Path) vulnerability via web/a...