API Exposes Database Log contents to user without privileges, allows insertion, modification, deletion of logs without System Privileges
Package
zoneminder
(ZoneMinder)
Affected versions
<= 1.36.26, <= 1.37.23
Patched versions
1.36.27, 1.37.24
Impact
ZoneMinder installations with users without System Edit or View privileges.
Patches
[34ffd92]
Workarounds
Disable Database Logging
For more information
If you have any questions or comments about this advisory: