Home > Vulnerability Database > CVE-2022-39289

Mend.io Vulnerability Database

CVE-2022-39289

Good to know:

Date: October 7, 2022

ZoneMinder is a free, open source Closed-circuit television software application. In affected versions the ZoneMinder API Exposes Database Log contents to user without privileges, allows insertion, modification, deletion of logs without System Privileges. Users are advised yo upgrade as soon as possible. Users unable to upgrade should disable database logging.

Language: PHP

Severity Score

7.5

Related Resources (5)

Url: https://github.com/ZoneMinder/zoneminder/commit/34ffd92bf123070cab6c83ad4cfe6297dd0ed0b4

Url: https://security-tracker.debian.org/tracker/CVE-2022-39289

Url: https://nvd.nist.gov/vuln/detail/CVE-2022-39289

Url: https://github.com/ZoneMinder/zoneminder/security/advisories/GHSA-mpcx-3gvh-9488

Url: https://www.mend.io/vulnerability-database/CVE-2022-39289

Severity Score

7.5

Weakness Type (CWE)

Authentication Issues

CWE-287

Information Leak / Disclosure

CWE-200

Missing Authorization

CWE-862

Top Fix

Upgrade Version

Upgrade to version 1.36.27

Learn More

CVSS v3.1

Base Score:	7.5
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	NONE
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	NONE
Integrity (I):	HIGH
Availability (A):	NONE

Mend.io Vulnerability Database

We found results for “”

CVE-2022-39289

Good to know:

Date: October 7, 2022

Language: PHP

Severity Score

Related Resources (5)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

Do you need more information?