CVE-2024-51482
Expert Analysis
Professional remediation guidance
Get tailored security recommendations from our analyst team for CVE-2024-51482. We'll provide specific mitigation strategies based on your environment and risk profile.
CVSS Score
V3.1EPSS Score
v2025.03.14There is a 23.7% chance that this vulnerability will be exploited in the wild within the next 30 days.
Attack Vector Metrics
Impact Metrics
Description
ZoneMinder is a free, open source closed-circuit television software application. ZoneMinder v1.37.* <= 1.37.64 is vulnerable to boolean-based SQL Injection in function of web/ajax/event.php. This is fixed in 1.37.65.
Available Exploits
ZoneMinder v1.37.* <= 1.37.64 - SQL Injection
ZoneMinder is a free, open source closed-circuit television software application. ZoneMinder v1.37.* <= 1.37.64 is vulnerable to boolean-based SQL Injection in function of web/ajax/event.php. This is fixed in 1.37.65.
References:
- https://securityonline.info/zoneminders-cve-2024-51482-a-10-10-severity-vulnerability-exposes-sql-databases/
- https://github-production-user-asset-6210df.s3.amazonaws.com/104687644/381894613-3cc50e51-68cf-4540-8225-4288f73e0c08.mp4?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=AKIAVCODYLSA53PQK4ZA%2F20241129%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20241129T074108Z&X-Amz-Expires=300&X-Amz-Signature=9cc5b01b0482cbd5573c223a1d44e9ffed10afd7d042d76e8308dfcf3bb7e8a5&X-Amz-SignedHeaders=host
- https://nvd.nist.gov/vuln/detail/CVE-2024-51482