Public exploit available

Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2024-51482 — SQL Injection in Zoneminder

CWE-89 — SQL Injection5 documents5 sources

Severity

9.9CRITICALNVD

EPSS

54.9%

top 1.95%

CISA KEV

Not in KEV

Exploit

PoC available

Public exploit / PoC exists

Affected products

Zoneminder Debian Zoneminder

Timeline

PublishedOct 31

Description

ZoneMinder is a free, open source closed-circuit television software application. ZoneMinder v1.37.* <= 1.37.64 is vulnerable to boolean-based SQL Injection in function of web/ajax/event.php. This is fixed in 1.37.65.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:HExploitability: 3.1 | Impact: 6.0

Affected Packages2 packages

▶debiandebian/zoneminder

▶CVEListV5zoneminder/zoneminder>= 1.37.0, < 1.37.65

🔴Vulnerability Details

OSV

CVE-2024-51482: ZoneMinder is a free, open source closed-circuit television software application↗2024-10-31

▶

💥Exploits & PoCs

Nuclei

ZoneMinder v1.37.* <= 1.37.64 - SQL Injection

▶

📋Vendor Advisories

Debian

CVE-2024-51482: zoneminder - ZoneMinder is a free, open source closed-circuit television software application...↗2024

▶

🕵️Threat Intelligence

Greynoiseio

NoiseLetter December 2025↗

▶