Unknown · Zoneminder · CVE-2024-43360
Name of the Vulnerable Software and Affected Versions:
ZoneMinder versions 1.36.33 through 1.37.43
ZoneMinder versions prior to 1.36.34
ZoneMinder versions prior to 1.37.61
Description:
ZoneMinder is affected by a time-based SQL Injection vulnerability. The issue stems from improper sanitization of user input in the `sort` and `mid` parameters of the "/zm/index.php" endpoint. This vulnerability can allow an attacker to execute arbitrary code.
Recommendations:
For ZoneMinder versions 1.36.33 through 1.37.43, update to version 1.36.34 or later.
For ZoneMinder versions prior to 1.37.61, update to version 1.37.61 or later.
As a temporary workaround, consider restricting access to the "/zm/index.php" endpoint until a patch is available.
Avoid using the `sort` and `mid` parameters in the affected API endpoint until the issue is resolved.
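To support the description above and the workaround of limiting use of the `sort` and `mid` parameters, the following is an added example (not ZoneMinder's code and not part of this advisory) that scans web server access logs for requests to "/zm/index.php" whose `mid` value is not a plain integer or whose `sort` value is not a bare column name, which is a reasonable allowlist for what those parameters are meant to carry. It assumes Apache/nginx combined log format, a "/zm/" mount path, and constructed sample lines.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Constructed sample access-log lines (combined log format); not real traffic.
SAMPLE_LOG = """\
10.0.0.5 - - [12/Aug/2024:10:01:02 +0000] "GET /zm/index.php?view=montage&mid=3&sort=Name HTTP/1.1" 200 5120
10.0.0.7 - - [12/Aug/2024:10:01:09 +0000] "GET /zm/index.php?view=montage&mid=3%27 HTTP/1.1" 200 5120
10.0.0.7 - - [12/Aug/2024:10:01:15 +0000] "GET /zm/index.php?view=events&sort=Name%20DESC%3B-- HTTP/1.1" 200 5120
10.0.0.9 - - [12/Aug/2024:10:02:00 +0000] "GET /zm/skins/classic/css/base.css HTTP/1.1" 200 800
"""

# Client IP, timestamp, method and request target from a combined-format line.
REQUEST_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<target>\S+) [^"]*"'
)

# Allowlists (assumption): `mid` identifies a monitor, so it should be a
# non-negative integer; `sort` names a column, so letters/digits/underscore only.
PARAM_RULES = {
    'mid': re.compile(r'^\d+$'),
    'sort': re.compile(r'^[A-Za-z_][A-Za-z0-9_]*$'),
}
ZM_ENDPOINT = '/zm/index.php'  # adjust if ZoneMinder is mounted elsewhere

def check_params(target):
    """Return (param, decoded value) pairs on the ZoneMinder endpoint that fail the allowlist."""
    url = urlsplit(target)
    if url.path != ZM_ENDPOINT:
        return []
    query = parse_qs(url.query, keep_blank_values=True)  # percent-decodes values
    bad = []
    for name, pattern in PARAM_RULES.items():
        for value in query.get(name, []):
            if not pattern.fullmatch(value):
                bad.append((name, value))
    return bad

def scan_log(text):
    """Yield one finding per log line carrying a disallowed `mid` or `sort` value."""
    findings = []
    for line in text.splitlines():
        m = REQUEST_RE.match(line)
        if not m:
            continue
        bad = check_params(m.group('target'))
        if bad:
            findings.append({'ip': m.group('ip'), 'ts': m.group('ts'), 'params': bad})
    return findings

if __name__ == '__main__':
    for finding in scan_log(SAMPLE_LOG):
        print(finding)
```

Because the check is an allowlist on the parameter's expected shape rather than a signature for particular SQL keywords, it also flags encoded or obfuscated values, and the same two rules can be applied server-side as input validation.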