CVE-2024-45174

Name of the Vulnerable Software and Affected Versions za-internet C-MOR Video Surveillance versions 5.2401 through 6.00PL01

Description An issue was discovered due to improper validation of user-supplied data, making different functionalities of the C-MOR web interface vulnerable to SQL injection attacks. This allows an authenticated user to execute arbitrary SQL commands in the context of the corresponding MySQL database.

Recommendations For versions 5.2401 through 6.00PL01, as a temporary workaround, consider restricting access to the C-MOR web interface to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.