CVE-2024-45174

An issue was discovered in za-internet C-MOR Video Surveillance 5.2401 and 6.00PL01. Due to improper validation of user-supplied data, different functionalities of the C-MOR web interface are vulnerable to SQL injection attacks. This kind of attack allows an authenticated user to execute arbitrary SQL commands in the context of the corresponding MySQL database.

CVSS v3 8.1 HIGH

8.1^/10

CVSS v3 : HIGH

Vector :

Exploitability : 2.8 / Impact : 5.2

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact NONE

Scope UNCHANGED

References

Link	Resource
https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2024-023.txt	Exploit Vendor Advisory
https://www.syss.de/pentest-blog/mehrere-sicherheitsschwachstellen-in-videoueberwachungssoftware-c-mor-syss-2024-020-bis-030	Vendor Advisory
http://seclists.org/fulldisclosure/2024/Sep/11	Exploit Mailing List Third Party Advisory

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:c-mor:c-mor_video_surveillance:5.2401:::::::*
	cpe:2.3:a:c-mor:c-mor_video_surveillance:6.00:patch_level_01::::::

History

No history.

Information

Published : 2024-09-04 17:15

Updated : 2025-09-04 16:29

NVD link : CVE-2024-45174

Mitre link : CVE-2024-45174

CVE.ORG link : CVE-2024-45174

JSON object : View

Products Affected

c-mor

c-mor_video_surveillance

CWE

CWE-89

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

{"id": "CVE-2024-45174", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8.1, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 5.2, "exploitabilityScore": 2.8}]}, "published": "2024-09-04T17:15:14.680", "references": [{"url": "https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2024-023.txt", "tags": ["Exploit", "Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "https://www.syss.de/pentest-blog/mehrere-sicherheitsschwachstellen-in-videoueberwachungssoftware-c-mor-syss-2024-020-bis-030", "tags": ["Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "http://seclists.org/fulldisclosure/2024/Sep/11", "tags": ["Exploit", "Mailing List", "Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "description": [{"lang": "en", "value": "CWE-89"}]}], "descriptions": [{"lang": "en", "value": "An issue was discovered in za-internet C-MOR Video Surveillance 5.2401 and 6.00PL01. Due to improper validation of user-supplied data, different functionalities of the C-MOR web interface are vulnerable to SQL injection attacks. This kind of attack allows an authenticated user to execute arbitrary SQL commands in the context of the corresponding MySQL database."}, {"lang": "es", "value": "Se descubri\u00f3 un problema en za-internet C-MOR Video Surveillance 5.2401 y 6.00PL01. Debido a la validaci\u00f3n incorrecta de los datos proporcionados por el usuario, diferentes funcionalidades de la interfaz web de C-MOR son vulnerables a ataques de inyecci\u00f3n SQL. Este tipo de ataque permite que un usuario autenticado ejecute comandos SQL arbitrarios en el contexto de la base de datos MySQL correspondiente."}], "lastModified": "2025-09-04T16:29:46.900", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:c-mor:c-mor_video_surveillance:5.2401:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "8467E7B9-C540-49FD-A52B-A0BC41398EE9"}, {"criteria": "cpe:2.3:a:c-mor:c-mor_video_surveillance:6.00:patch_level_01:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B6CF9182-CFDB-411A-AFFD-2D766347035A"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}