CVE-2016-10206 — Cross-Site Request Forgery in Zoneminder

CWE-352 — Cross-Site Request Forgery6 documents5 sources

Severity

8.8HIGHNVD

EPSS

0.1%

top 67.49%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Zoneminder Debian Zoneminder

Timeline

PublishedMar 3

Latest updateMay 17

Description

Cross-site request forgery (CSRF) vulnerability in Zoneminder 1.30 and earlier allows remote attackers to hijack the authentication of users for requests that change passwords and possibly have unspecified other impact as demonstrated by a crafted user action request to index.php.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9

Affected Packages3 packages

▶debiandebian/zoneminder< zoneminder 1.30.4+dfsg-1 (bookworm)

▶Debianzoneminder/zoneminder< 1.30.4+dfsg-1+3

▶NVDzoneminder/zoneminder1.30.0

🔴Vulnerability Details

GHSA

GHSA-8rjm-4xf2-pmw3: Cross-site request forgery (CSRF) vulnerability in Zoneminder 1↗2022-05-17

▶

OSV

CVE-2016-10206: Cross-site request forgery (CSRF) vulnerability in Zoneminder 1↗2017-03-03

▶

📋Vendor Advisories

Debian

CVE-2016-10206: zoneminder - Cross-site request forgery (CSRF) vulnerability in Zoneminder 1.30 and earlier a...↗2016

▶

💬Community

Bugzilla

CVE-2016-10201 CVE-2016-10202 CVE-2016-10203 CVE-2016-10204 CVE-2016-10205 CVE-2016-10206 CVE-2017-7203 zoneminder: Multiple security issues↗2017-03-07

▶

Bugzilla

CVE-2016-10201 CVE-2016-10202 CVE-2016-10203 CVE-2016-10204 CVE-2016-10205 CVE-2016-10206 CVE-2017-7203 zoneminder: Multiple security issues [fedora-all]↗2017-03-07

▶