CVE-2016-10204

CRITICAL

Zoneminder < 1.30.0 - SQL Injection

Title source: rule

Description

SQL injection vulnerability in Zoneminder 1.30 and earlier allows remote attackers to execute arbitrary SQL commands via the limit parameter in a log query request to index.php.

Exploits (1)

nomisec WORKING POC 2 stars

by 0xNullComet · poc

https://github.com/0xNullComet/CVE-2016-10204_Webshell

View Code ZIP pw:eip

References (2)

[Exploit, Mailing List] http://www.openwall.com/lists/oss-security/2017/02/05/1

[Exploit, Third Party Advisory] https://www.foxmole.com/advisories/foxmole-2016-07-05.txt

Scores

CVSS v3 9.8

EPSS 0.0030

EPSS Percentile 53.4%

Attack Vector NETWORK

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CWE

CWE-89

Status published

Products (1)

zoneminder/zoneminder < 1.30.0

Published Mar 03, 2017

Tracked Since Feb 18, 2026