|Category:||Web application abuses|
|Title:||ZoneMinder <= 1.32.2 Object Injection Vulnerability|
|Summary:||ZoneMinder is prone to an object injection vulnerability.|
ZoneMinder is prone to an object injection vulnerability.
PHP Object Deserialization Injection attacks utilise the unserialize
function within PHP. The deserialisation of the PHP object can trigger certain methods within the object,
allowing the attacker to perform unauthorised actions like execution of code, disclosure of information, etc.
The ZoneMinder project overly trusted user input when processing the data obtained from a form.
Successful exploitation would allow an attacker to perform unauthorised operating system commands on the target server.
ZoneMinder through version 1.32.2.
No known solution is available as of 21st December, 2018.
Information regarding this issue will be updated once solution details are available.
Common Vulnerability Exposure (CVE) ID: CVE-2018-1000832|
Common Vulnerability Exposure (CVE) ID: CVE-2018-1000833
|Copyright||This script is Copyright (C) 2018 Greenbone Networks GmbH|
|This is only one of 71225 vulnerability tests in our test suite. Find out more about running a complete security audit.|
To run a free test of this vulnerability against your system, register below.