What is CVE-2024-43360?

CVE-2024-43360 is a critical-severity vulnerability in Zoneminder, classified under SQL Injection. CVSS score: 9.8/10. Published 2024-08-12.

How severe is CVE-2024-43360?

Critical severity. CVSS v3 base score is 9.8 out of 10.

Is CVE-2024-43360 known to be exploited?

4 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

SQL Injection in Zoneminder

CVE-2024-43360

ZoneMinder is a free, open source closed-circuit television software application. ZoneMinder is affected by a time-based SQL Injection vulnerability. This vulnerability is fixed in 1.36.34 and 1.37.61.

Vulnerability class: SQL Injection

EPSS: 0.633 (98.4th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 9.8 (Critical). Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H.

Affected products

Zoneminder — versions < 1.36.34, >= 1.37.0, < 1.37.61

Weakness classification (CWE)

CWE-89 — SQL Injection

Public proof-of-concept exploits

References

https://github.com/ZoneMinder/zoneminder/security/advisories/GHSA-9cmr-7437-v9fj (x_refsource_CONFIRM)
https://github.com/ZoneMinder/zoneminder/commit/677f6a31551f128554f7b0110a52fd76453a657a (x_refsource_MISC)
https://github.com/ZoneMinder/zoneminder/commit/a194fe81d34c5eea2ab1dc18dc8df615fca634a6 (x_refsource_MISC)
https://github.com/ZoneMinder/zoneminder/commit/bb07118118e23b5670c2c18be8be2cc6b8529397 (x_refsource_MISC)
https://github.com/ZoneMinder/zoneminder/commit/de8f387207e9c506e8e8007eda725741a25601c5 (x_refsource_MISC)

Frequently asked questions

What is CVE-2024-43360?: CVE-2024-43360 is a critical-severity vulnerability in Zoneminder, classified under SQL Injection. CVSS score: 9.8/10. Published 2024-08-12.
How severe is CVE-2024-43360?: Critical severity. CVSS v3 base score is 9.8 out of 10.
Is CVE-2024-43360 known to be exploited?: 4 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.