Vulnerability CVE-2024-45174


Published: 2024-09-04

Description:
An issue was discovered in za-internet C-MOR Video Surveillance 5.2401 and 6.00PL01. Due to improper validation of user-supplied data, different functionalities of the C-MOR web interface are vulnerable to SQL injection attacks. This kind of attack allows an authenticated user to execute arbitrary SQL commands in the context of the corresponding MySQL database.

See advisories in our WLB2 database:
Topic
Author
Date
Med.
C-MOR Video Surveillance 5.2401 / 6.00PL01 SQL Injection
Matthias Deeg
10.09.2024

Type:

CWE-89

(Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'))

 References:
https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2024-023.txt
https://www.syss.de/pentest-blog/mehrere-sicherheitsschwachstellen-in-videoueberwachungssoftware-c-mor-syss-2024-020-bis-030

Copyright 2024, cxsecurity.com

 

Back to Top