Title: ZoneMinder Multiple Input Validation Security Vulnerabilities
Severity: HIGH
Description:
ZoneMinder is a freely available application designed to control and record video from security cameras. It contains a web-based administrative application implemented in PHP.
Since it fails to adequately sanitize user-supplied input, ZoneMinder is prone to multiple input-validation vulnerabilities:
1. Multiple remote command-injection vulnerabilities affect the following scripts:
'zm_html_view_events.php': The 'executeFilter()' function fails to validate user-supplied input.
'zm_html_view_state.php': The 'run_state' parameter isn't validated.
2. An SQL-injection issue affects the 'filter' parameter in the 'zm_html_view_event.php' script.
3. Multiple cross-site scripting vulnerabilities affect unspecified parameters in the 'zm_html_view_*.php' scripts.
Exploiting these issues can allow an attacker to steal cookie-based authentication credentials, compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database. Other attacks may also be possible.
ZoneMinder 1.23.3 is vulnerable; other versions may also be affected.
Affected Products:
- Triornis ZoneMinder 1.17.0 .0
- Triornis ZoneMinder 1.17.1
- Triornis ZoneMinder 1.17.2
- Triornis ZoneMinder 1.18.0 .0
- Triornis ZoneMinder 1.18.1
- Triornis ZoneMinder 1.19.0 .0
- Triornis ZoneMinder 1.19.1
- Triornis ZoneMinder 1.19.2
- Triornis ZoneMinder 1.19.3
- Triornis ZoneMinder 1.23.2
- Triornis ZoneMinder 1.23.3
References:
- Triornis Ltd.: ZoneMinder Home Page