CVE-2016-10206

Cross-site request forgery (CSRF) vulnerability in Zoneminder 1.30 and earlier allows remote attackers to hijack the authentication of users for requests that change passwords and possibly have unspecified other impact as demonstrated by a crafted user action request to index.php.

Published: Mar 3, 2017
Updated: Apr 13, 2023
CVE: CVE-2016-10206
Severity: High
Exploit:

CVSS v3:

Severity: High
Score: 8.8
AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

CVSS v2:

Severity: Medium
Score: 6.8
AV:N/AC:M/Au:N/C:P/I:P/A:P

CWEs:

CWE-352

Affected Software
References

Software	From	Fixed in
zoneminder / zoneminder	-	1.30.0.x

http://www.openwall.com/lists/oss-security/2017/02/05/1
http://www.securityfocus.com/bid/97114
https://www.foxmole.com/advisories/foxmole-2016-07-05.txt

Vulnerability Database

290,300

CVE-2016-10206