📦 Zoneminder
by Zoneminder
🔍 What is Zoneminder?
Description coming soon...
🛡️ Security Overview
Click on a severity to filter vulnerabilities
⚠️ Known Vulnerabilities
CVE-2025-65791 is a critical command injection vulnerability in ZoneMinder's image.php component that allows attackers to execute arbitrary commands on the server. This affects all ZoneMinder installa...
ZoneMinder CCTV software contains a time-based SQL injection vulnerability (CWE-89) that allows attackers to execute arbitrary SQL commands by manipulating time-based parameters. This affects all Zone...
ZoneMinder versions before 1.36.33 and 1.37.33 contain a SQL injection vulnerability in the filter query parameter. Attackers with View or Edit permissions can execute arbitrary SQL commands, potentia...
ZoneMinder versions 1.36.37 and below and 1.37.61 through 1.38.0 contain a second-order SQL injection vulnerability in the web/ajax/status.php file. Authenticated users with Events edit and view permi...
CVE-2023-41884 is an SQL injection vulnerability in ZoneMinder's watch.php component that allows attackers to execute arbitrary SQL commands. This affects ZoneMinder installations with the vulnerable ...
ZoneMinder versions before 1.36.33 and 1.37.33 have an unauthenticated remote code execution vulnerability. Attackers can execute arbitrary commands on the server without authentication by exploiting ...
CVE-2023-26037 is an SQL injection vulnerability in ZoneMinder CCTV software that allows attackers to execute arbitrary SQL commands through the minTime and maxTime parameters. This affects all ZoneMi...
CVE-2023-26039 is an OS command injection vulnerability in ZoneMinder's HostController.php that allows authenticated users to execute arbitrary shell commands as the web server user. This affects all ...
ZoneMinder versions before 1.36.33 are vulnerable to stored cross-site scripting (XSS) through malicious referrer field injection in database logs. When administrators view logs in the web interface, ...