ZoneMinder is a free, open source closed-circuit television software application. ZoneMinder v1.37.* <= 1.37.64 is vulnerable to boolean-based SQL Injection in function of web/ajax/event.php. This is fixed in 1.37.65.
This critical-severity CVE scores 9.9 under NVD CVSS v3. EPSS exploit probability: 50.9%, top 2% of all CVEs by exploit prediction. GitHub Security Advisory data not yet ingested — confidence will rise once GHSA publishes (typical lag: hours to days for open-source ecosystem CVEs; never for infrastructure-only CVEs).
October 31, 2024
April 15, 2026
Fix landed in ZoneMinder/zoneminder commit 9e7d31841ed9 — awaiting tagged release
https://github.com/ZoneMinder/zoneminder/commit/9e7d31841ed9678a7dd06869037686fc9925e59f
MITRE Common Weakness Enumeration — the root-cause categories this CVE belongs to.
Each row is a source pipeline that fetched or updated this CVE on that date, with what changed. For example, "NVD update" means NVD published or revised its analysis for this CVE; "MITRE cvelistV5" means we ingested or refreshed it from the CNA feed. Most recent first.
Working exploit code is in the public domain (3 GitHub PoCs). Defenders should treat patch urgency accordingly — public PoCs typically lead to mass-exploitation within 24-72 hours.
Time-based SQL injection PoC for CVE-2024-51482 in ZoneMinder, with reproducible Docker lab and automated data extraction.
ZenoMinder Blind SQL Injection PoC
Authenticated time-based blind SQL injection PoC for ZoneMinder CVE-2024-51482 (v1.37.* <= 1.37.64)
ZoneMinder v1.37.* <= 1.37.64 - SQL Injection