CVE-2024-45174

HIGH

za-internet C-MOR Video Surveillance <6.00PL01 - SQL Injection

Title source: llm
STIX 2.1

Description

An issue was discovered in za-internet C-MOR Video Surveillance 5.2401 and 6.00PL01. Due to improper validation of user-supplied data, different functionalities of the C-MOR web interface are vulnerable to SQL injection attacks. This kind of attack allows an authenticated user to execute arbitrary SQL commands in the context of the corresponding MySQL database.

Scores

CVSS v3 8.1
EPSS 0.0131
EPSS Percentile 67.1%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N

CISA SSVC

Vulnrichment
Exploitation poc
Automatable no
Technical Impact total

Details

CWE
CWE-89
Status published
Products (2)
c-mor/c-mor_video_surveillance 5.2401
c-mor/c-mor_video_surveillance 6.00 patch_level_01
Published Sep 04, 2024
Tracked Since Feb 18, 2026