CVE-2016-10206

Published: Mar 3, 2017Modified: May 13, 2026

8.8

Vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Exploitability: 2.8 / Impact: 5.9

Source: NVD

Description

Cross-site request forgery (CSRF) vulnerability in Zoneminder 1.30 and earlier allows remote attackers to hijack the authentication of users for requests that change passwords and possibly have unspecified other impact as demonstrated by a crafted user action request to index.php.

Affected (1)

Products: Zoneminder: Zoneminder

1 product

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Zoneminder Zoneminder	Up to 1.30.0

Related CWEs

Cross-Site Request Forgery (CSRF)

The web application does not, or can not, sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request.

References (6)

http://www.openwall.com/lists/oss-security/2017/02/05/1

Source: cve@mitre.org

ExploitMailing List

http://www.securityfocus.com/bid/97114

Source: cve@mitre.org

https://www.foxmole.com/advisories/foxmole-2016-07-05.txt

Source: cve@mitre.org

ExploitThird Party Advisory

http://www.openwall.com/lists/oss-security/2017/02/05/1

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitMailing List

http://www.securityfocus.com/bid/97114

Source: af854a3a-2127-422b-91ae-364da2661108

https://www.foxmole.com/advisories/foxmole-2016-07-05.txt

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitThird Party Advisory

Timeline

No history available yet.