{"dataType":"CVE_RECORD","dataVersion":"5.1","cveMetadata":{"cveId":"CVE-2024-43360","assignerOrgId":"a0819718-46f1-4df5-94e2-005712e83aaa","state":"PUBLISHED","assignerShortName":"GitHub_M","dateReserved":"2024-08-09T14:23:55.511Z","datePublished":"2024-08-12T20:55:14.760Z","dateUpdated":"2024-08-15T19:00:59.189Z"},"containers":{"cna":{"title":"ZoneMinder Time-based SQL Injection","problemTypes":[{"descriptions":[{"cweId":"CWE-89","lang":"en","description":"CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')","type":"CWE"}]}],"metrics":[{"cvssV3_1":{"attackComplexity":"LOW","attackVector":"NETWORK","availabilityImpact":"HIGH","baseScore":9.8,"baseSeverity":"CRITICAL","confidentialityImpact":"HIGH","integrityImpact":"HIGH","privilegesRequired":"NONE","scope":"UNCHANGED","userInteraction":"NONE","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","version":"3.1"}}],"references":[{"name":"https://github.com/ZoneMinder/zoneminder/security/advisories/GHSA-9cmr-7437-v9fj","tags":["x_refsource_CONFIRM"],"url":"https://github.com/ZoneMinder/zoneminder/security/advisories/GHSA-9cmr-7437-v9fj"},{"name":"https://github.com/ZoneMinder/zoneminder/commit/677f6a31551f128554f7b0110a52fd76453a657a","tags":["x_refsource_MISC"],"url":"https://github.com/ZoneMinder/zoneminder/commit/677f6a31551f128554f7b0110a52fd76453a657a"},{"name":"https://github.com/ZoneMinder/zoneminder/commit/a194fe81d34c5eea2ab1dc18dc8df615fca634a6","tags":["x_refsource_MISC"],"url":"https://github.com/ZoneMinder/zoneminder/commit/a194fe81d34c5eea2ab1dc18dc8df615fca634a6"},{"name":"https://github.com/ZoneMinder/zoneminder/commit/bb07118118e23b5670c2c18be8be2cc6b8529397","tags":["x_refsource_MISC"],"url":"https://github.com/ZoneMinder/zoneminder/commit/bb07118118e23b5670c2c18be8be2cc6b8529397"},{"name":"https://github.com/ZoneMinder/zoneminder/commit/de8f387207e9c506e8e8007eda725741a25601c5","tags":["x_refsource_MISC"],"url":"https://github.com/ZoneMinder/zoneminder/commit/de8f387207e9c506e8e8007eda725741a25601c5"}],"affected":[{"vendor":"ZoneMinder","product":"zoneminder","versions":[{"version":"< 1.36.34","status":"affected"},{"version":">= 1.37.0, < 1.37.61","status":"affected"}]}],"providerMetadata":{"orgId":"a0819718-46f1-4df5-94e2-005712e83aaa","shortName":"GitHub_M","dateUpdated":"2024-08-12T20:55:14.760Z"},"descriptions":[{"lang":"en","value":"ZoneMinder is a free, open source closed-circuit television software application. ZoneMinder is affected by a time-based SQL Injection vulnerability. This vulnerability is fixed in 1.36.34 and 1.37.61."}],"source":{"advisory":"GHSA-9cmr-7437-v9fj","discovery":"UNKNOWN"}},"adp":[{"affected":[{"vendor":"zoneminder","product":"zoneminder","cpes":["cpe:2.3:a:zoneminder:zoneminder:*:*:*:*:*:*:*:*"],"defaultStatus":"unknown","versions":[{"version":"\\u003c.1.36.34","status":"affected"},{"version":"1.37.0","status":"affected","lessThanOrEqual":"1.37.61","versionType":"custom"}]}],"metrics":[{"other":{"type":"ssvc","content":{"timestamp":"2024-08-15T18:53:18.459320Z","id":"CVE-2024-43360","options":[{"Exploitation":"poc"},{"Automatable":"no"},{"Technical Impact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}}],"title":"CISA ADP Vulnrichment","providerMetadata":{"orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP","dateUpdated":"2024-08-15T19:00:59.189Z"}}]}}