Podatność CVE-2024-45174
Publikacja: 2024-09-04

Opis:
An issue was discovered in za-internet C-MOR Video Surveillance 5.2401 and 6.00PL01. Due to improper validation of user-supplied data, different functionalities of the C-MOR web interface are vulnerable to SQL injection attacks. This kind of attack allows an authenticated user to execute arbitrary SQL commands in the context of the corresponding MySQL database.

W naszej bazie, znaleźliśmy następujące noty dla tego CVE:
Tytuł
Autor
Data
Med.
C-MOR Video Surveillance 5.2401 / 6.00PL01 SQL Injection
Matthias Deeg
10.09.2024

Typ:

CWE-89

 (Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'))

 Referencje:
https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2024-023.txt
https://www.syss.de/pentest-blog/mehrere-sicherheitsschwachstellen-in-videoueberwachungssoftware-c-mor-syss-2024-020-bis-030
Copyright 2024, cxsecurity.com

 

Back to Top