SQL Injection Vulnerability in C-MOR Video Surveillance Software by za-internet
CVE-2024-45174

Currently unrated

Key Information:

Vendor: za-internet
Status: C-MOR Video Surveillance
Vendor: CVE Published:; 4 September 2024

🔔 Create za-internet Vulnerability Alert

What is CVE-2024-45174?

A vulnerability in the C-MOR Video Surveillance software versions 5.2401 and 6.00PL01 allows an authenticated user to exploit improper validation of user-supplied data. This results in potential SQL injection attacks where arbitrary SQL commands can be executed within the MySQL database. Such vulnerabilities can lead to unauthorized data access and manipulation, posing significant security risks to affected systems.

References

https://www.syss.de/fileadmin/dokumente/Publikationen/Adv...

https://www.syss.de/pentest-blog/mehrere-sicherheitsschwa...

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Sep 4, 2024