CVE-2008-3880

SQL injection vulnerability in zm_html_view_event.php in ZoneMinder 1.23.3 and earlier allows remote attackers to execute arbitrary SQL commands via the filter array parameter.

Published: Sep 2, 2008
Updated: Apr 13, 2023
CVE: CVE-2008-3880
Severity: High
Exploit:

CVSS v2:

Severity: High
Score: 7.5
AV:N/AC:L/Au:N/C:P/I:P/A:P

CWEs:

CWE-89

OWASP TOP 10:

A1 - Injection

Affected Software
References

Software	From	Fixed in
zoneminder / zoneminder	1.21.1	1.21.1.x
zoneminder / zoneminder	1.23.1	1.23.1.x
zoneminder / zoneminder	1.23.0	1.23.0.x
zoneminder / zoneminder	1.19.1	1.19.1.x
zoneminder / zoneminder	1.19.4	1.19.4.x
zoneminder / zoneminder	0.9.11	0.9.11.x
zoneminder / zoneminder	1.21.3	1.21.3.x
zoneminder / zoneminder	1.21.2	1.21.2.x
zoneminder / zoneminder	-	1.23.3.x
zoneminder / zoneminder	0.9.8	0.9.8.x
zoneminder / zoneminder	0.9.10	0.9.10.x
zoneminder / zoneminder	1.18.1	1.18.1.x
zoneminder / zoneminder	1.21.0	1.21.0.x
zoneminder / zoneminder	0.9.9	0.9.9.x
zoneminder / zoneminder	0.9.14	0.9.14.x
zoneminder / zoneminder	1.22.2	1.22.2.x
zoneminder / zoneminder	1.19.3	1.19.3.x
zoneminder / zoneminder	0.0.1	0.0.1.x
zoneminder / zoneminder	1.20.1	1.20.1.x
zoneminder / zoneminder	1.17.1	1.17.1.x
zoneminder / zoneminder	1.22.0	1.22.0.x
zoneminder / zoneminder	1.22.3	1.22.3.x
zoneminder / zoneminder	0.9.16	0.9.16.x
zoneminder / zoneminder	0.9.13	0.9.13.x
zoneminder / zoneminder	1.19.5	1.19.5.x
zoneminder / zoneminder	1.18.0	1.18.0.x
zoneminder / zoneminder	1.23.2	1.23.2.x
zoneminder / zoneminder	1.17.2	1.17.2.x
zoneminder / zoneminder	1.21.4	1.21.4.x
zoneminder / zoneminder	0.9.12	0.9.12.x
zoneminder / zoneminder	1.22.1	1.22.1.x
zoneminder / zoneminder	1.19.0	1.19.0.x
zoneminder / zoneminder	0.9.7	0.9.7.x
zoneminder / zoneminder	1.17.0	1.17.0.x
zoneminder / zoneminder	1.20.0	1.20.0.x
zoneminder / zoneminder	1.19.2	1.19.2.x
zoneminder / zoneminder	0.9.15	0.9.15.x

Vulnerability Database

290,300

CVE-2008-3880