Candidate: CVE-2019-8429
PublicDate: 2019-02-18 00:29:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-8429
 https://github.com/LoRexxar/CVE_Request/tree/master/zoneminder%20vul%20before%20v1.32.3#ajaxstatusphp-line-393-sql-injection
 https://www.seebug.org/vuldb/ssvid-97762
 https://github.com/ZoneMinder/zoneminder/issues/2399
 https://github.com/ZoneMinder/zoneminder/issues/2399
Description:
 ZoneMinder before 1.32.3 has SQL Injection via the ajax/status.php
 filter[Query][terms][0][cnj] parameter.
Ubuntu-Description:
Notes:
Bugs:
 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=922724
Priority: medium
Discovered-by:
Assigned-to:
CVSS:
 nvd: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H [9.8 CRITICAL]


Patches_zoneminder:
 upstream: https://github.com/ZoneMinder/zoneminder/commit/0619a4a16178899d8b45f30977bb937da99c5394
upstream_zoneminder: needs-triage
precise/esm_zoneminder: DNE
trusty_zoneminder: not-affected (code not present)
trusty/esm_zoneminder: DNE (trusty was not-affected [code not present])
xenial_zoneminder: not-affected (code not present)
bionic_zoneminder: DNE
cosmic_zoneminder: ignored (reached end-of-life)
disco_zoneminder: ignored (reached end-of-life)
eoan_zoneminder: ignored (reached end-of-life)
focal_zoneminder: needed
groovy_zoneminder: ignored (reached end-of-life)
hirsute_zoneminder: ignored (reached end-of-life)
impish_zoneminder: needed
jammy_zoneminder: needed
devel_zoneminder: needed