CVE-2024-45174
HIGHza-internet C-MOR Video Surveillance <6.00PL01 - SQL Injection
Title source: llmDescription
An issue was discovered in za-internet C-MOR Video Surveillance 5.2401 and 6.00PL01. Due to improper validation of user-supplied data, different functionalities of the C-MOR web interface are vulnerable to SQL injection attacks. This kind of attack allows an authenticated user to execute arbitrary SQL commands in the context of the corresponding MySQL database.
References (3)
Core 3
Core References
Exploit, Vendor Advisory
https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2024-023.txt
Vendor Advisory
https://www.syss.de/pentest-blog/mehrere-sicherheitsschwachstellen-in-videoueberwachungssoftware-c-mor-syss-2024-020-bis-030
Exploit, Mailing List, Third Party Advisory
http://seclists.org/fulldisclosure/2024/Sep/11
Scores
CVSS v3
8.1
EPSS
0.0131
EPSS Percentile
67.1%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
CISA SSVC
Vulnrichment
Exploitation
poc
Automatable
no
Technical Impact
total
Details
CWE
CWE-89
Status
published
Products (2)
c-mor/c-mor_video_surveillance
5.2401
c-mor/c-mor_video_surveillance
6.00 patch_level_01
Published
Sep 04, 2024
Tracked Since
Feb 18, 2026