Exploitation Summary
EIP tracks 11 public exploits for CVE-2024-51482. PoCs published by ben-slates, 0xDaeras, mattiapertusati. A Nuclei detection template is also available.
AI-analyzed exploit summary: This repository provides a detailed technical analysis of a multi-stage exploitation scenario involving SQL Injection in ZoneMinder (CVE-2024-51428) and Remote Code Execution in motionEye. It includes step-by-step exploitation steps, root cause analysis, and remediation recommendations.
Description
ZoneMinder is a free, open source closed-circuit television software application. ZoneMinder v1.37.* <= 1.37.64 is vulnerable to boolean-based SQL Injection in function of web/ajax/event.php. This is fixed in 1.37.65.
Exploits (11)
This repository provides a detailed technical analysis of a multi-stage exploitation scenario involving SQL Injection in ZoneMinder (CVE-2024-51428) and Remote Code Execution in motionEye. It includes step-by-step exploitation steps, root cause analysis, and remediation recommendations.
This repository contains a functional time-based blind SQL injection exploit for CVE-2024-51482 in ZoneMinder. The exploit targets the 'removetag' endpoint, allowing authenticated attackers to extract database information via timing delays.
The repository lacks exploit code and only references CVE-2024-51482 in a vague context (HackTheBox challenge). No technical details, patch analysis, or PoC are provided.
This repository contains a penetration test report detailing a black box assessment of HackTheBox's CCTV machine, achieving root compromise via a chain of vulnerabilities including SQL injection (CVE-2024-51482) and RCE in motionEye (CVE-2025-60787). The report provides an overview of the attack path but lacks specific technical details or exploit code.
This repository contains a functional Python exploit for CVE-2024-51482, a blind SQL injection vulnerability in ZoneMinder. The exploit uses time-based techniques with repeated queries to reliably extract data from the database.
This repository contains a functional Python script for exploiting CVE-2024-51482, a time-based SQL injection vulnerability in ZoneMinder. The script automates database extraction, table enumeration, and data dumping using concurrent requests for efficiency.
This repository contains a functional Python-based SQL injection exploit for CVE-2024-51482, targeting ZoneMinder versions 1.37 to 1.37.64. The exploit uses time-based blind SQL injection with optimized character extraction and parallel processing to dump user credentials from the database.
This repository contains a functional Python-based exploit for CVE-2024-51482, a blind SQL injection vulnerability in ZoneMinder. The exploit includes authentication, baseline timing measurement, vulnerability verification, and data extraction capabilities.
This repository contains a functional Python-based exploit for CVE-2024-51482, a time-based blind SQL injection vulnerability in ZoneMinder v1.37.* <= 1.37.64. The exploit includes authentication handling, multi-threaded data extraction, and various enumeration options for databases, tables, and columns.
This is a detailed technical writeup describing a multi-stage exploitation chain involving SQL Injection (CVE-2024-51428) in ZoneMinder and Remote Code Execution in motionEye. It includes root cause analysis, patch recommendations, and step-by-step exploitation details.
This repository contains a functional proof-of-concept exploit for CVE-2024-51482, a boolean-based SQL injection vulnerability in ZoneMinder versions 1.37.* up to 1.37.64. The exploit targets the web/ajax/event.php endpoint and allows for database enumeration, including extracting usernames and password hashes from the Users table.
Nuclei Templates (1)
title:"ZoneMinder"
References (2)
Scores
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H