Test ID:	1.3.6.1.4.1.25623.1.0.106564
Category:	Web application abuses
Title:	ZoneMinder < 1.30.2 Multiple Vulnerabilities - Active Check
Summary:	ZoneMinder is prone to multiple vulnerabilities.
Description:	Summary: ZoneMinder is prone to multiple vulnerabilities. Vulnerability Insight: The following vulnerabilities exist: - CVE-2017-5595: File disclosure and inclusion due to unfiltered user-input being passed to readfile() in views/file.php which allows an authenticated attacker to read local system files (e.g. /etc/passwd) in the context of the web server user (www-data). - CVE-2017-5367: Multiple reflected XSS - CVE-2017-5368: CSRF since no CSRF protection exists across the entire web app. Vulnerability Impact: An unauthenticated remote attacker may read arbitrary files. Affected Software/OS: ZoneMinder prior to version 1.30.2. Solution: Update to version 1.30.2 or later. CVSS Score: 6.8 CVSS Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2017-5595 BugTraq ID: 96125 http://www.securityfocus.com/bid/96125 http://seclists.org/bugtraq/2017/Feb/6 http://seclists.org/fulldisclosure/2017/Feb/11 https://github.com/ZoneMinder/ZoneMinder/commit/8b19fca9927cdec07cc9dd09bdcf2496a5ae69b3 Common Vulnerability Exposure (CVE) ID: CVE-2017-5367 BugTraq ID: 96120 http://www.securityfocus.com/bid/96120 Common Vulnerability Exposure (CVE) ID: CVE-2017-5368 BugTraq ID: 96126 http://www.securityfocus.com/bid/96126
Copyright	Copyright (C) 2017 Greenbone AG

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.