CVE-2024-51482

NameCVE-2024-51482
DescriptionZoneMinder is a free, open source closed-circuit television software application. ZoneMinder v1.37.* <= 1.37.64 is vulnerable to boolean-based SQL Injection in function of web/ajax/event.php. This is fixed in 1.37.65.
SourceCVE (at NVD; CERT, LWN, oss-sec, fulldisc, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
zoneminder (PTS)bullseye1.34.23-1fixed
sid, bookworm1.36.33+dfsg1-1fixed

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
zonemindersource(unstable)(not affected)

Notes

- zoneminder <not-affected> (Vulnerable code not present)
https://github.com/ZoneMinder/zoneminder/security/advisories/GHSA-qm8h-3xvf-m7j3
Introduced with: https://github.com/ZoneMinder/zoneminder/commit/18d74ed7aca52c6fad860046c5ec9be739a86e45 (1.37.61)
Fixed by: https://github.com/ZoneMinder/zoneminder/commit/9e7d31841ed9678a7dd06869037686fc9925e59f

Search for package or bug name: Reporting problems