CVE-2024-51482

CRITICAL NUCLEI

ZoneMinder <1.37.64 - SQL Injection

Title source: llm

Description

ZoneMinder is a free, open source closed-circuit television software application. ZoneMinder v1.37.* <= 1.37.64 is vulnerable to boolean-based SQL Injection in function of web/ajax/event.php. This is fixed in 1.37.65.

Exploits (6)

nomisec WORKING POC

by plur1bu5 · poc

https://github.com/plur1bu5/CVE-2024-51482-PoC

View Code ZIP pw:eip

nomisec WRITEUP

by Gh0s7Ops · poc

https://github.com/Gh0s7Ops/CVE-2024-51482-Multi-Stage-Surveillance-System-Exploit

View Code ZIP pw:eip

nomisec WORKING POC

by BridgerAlderson · poc

https://github.com/BridgerAlderson/CVE-2024-51482

View Code ZIP pw:eip

nomisec WORKING POC

by Ravi-lk · poc

https://github.com/Ravi-lk/CVE-2024-51482-ZoneMinder-v1.37.-1.37.64-SQL-Injection-POC

View Code ZIP pw:eip

nomisec WORKING POC

by lnn0v4 · poc

https://github.com/lnn0v4/sqli-hunter-CVE-2024-51482-PoC

View Code ZIP pw:eip

nomisec WORKING POC

by BwithE · poc

https://github.com/BwithE/CVE-2024-51482

View Code ZIP pw:eip

Nuclei Templates (1)

ZoneMinder v1.37.* <= 1.37.64 - SQL Injection

CRITICALby ritikchaddha

Shodan: title:"ZoneMinder"

References (2)

[Patch] https://github.com/ZoneMinder/zoneminder/commit/9e7d31841ed9678a7dd06869037686fc9925e59f

[Vendor Advisory] https://github.com/ZoneMinder/zoneminder/security/advisories/GHSA-qm8h-3xvf-m7j3

Scores

CVSS v3 9.9

EPSS 0.5191

EPSS Percentile 97.9%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

Classification

CWE

CWE-89

Status draft

Timeline

Published Oct 31, 2024

Tracked Since Feb 18, 2026