CVE-2024-51482

{"id": "CVE-2024-51482", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "security-advisories@github.com", "cvssData": {"scope": "CHANGED", "version": "3.1", "baseScore": 9.9, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 6.0, "exploitabilityScore": 3.1}]}, "published": "2024-10-31T18:15:05.997", "references": [{"url": "https://github.com/ZoneMinder/zoneminder/commit/9e7d31841ed9678a7dd06869037686fc9925e59f", "source": "security-advisories@github.com"}, {"url": "https://github.com/ZoneMinder/zoneminder/security/advisories/GHSA-qm8h-3xvf-m7j3", "source": "security-advisories@github.com"}], "vulnStatus": "Awaiting Analysis", "weaknesses": [{"type": "Primary", "source": "security-advisories@github.com", "description": [{"lang": "en", "value": "CWE-89"}]}], "descriptions": [{"lang": "en", "value": "ZoneMinder is a free, open source closed-circuit television software application. ZoneMinder v1.37.* <= 1.37.64 is vulnerable to boolean-based SQL Injection in function of web/ajax/event.php. This is fixed in 1.37.65."}, {"lang": "es", "value": "ZoneMinder es una aplicaci\u00f3n de software de circuito cerrado de televisi\u00f3n gratuita y de c\u00f3digo abierto. ZoneMinder v1.37.* &lt;= 1.37.64 es vulnerable a la inyecci\u00f3n SQL basada en booleanos en funci\u00f3n de web/ajax/event.php. Esto se solucion\u00f3 en 1.37.64."}], "lastModified": "2024-11-05T14:15:14.840", "sourceIdentifier": "security-advisories@github.com"}