CSRF Vulnerability in ZoneMinder: Bypassing CSRF Check with Try Again Button

CSRF Vulnerability in ZoneMinder: Bypassing CSRF Check with Try Again Button

CVE-2019-7346 · MEDIUM Severity

AV:N/AC:M/AU:N/C:P/I:P/A:P

A CSRF check issue exists in ZoneMinder through 1.32.3 as whenever a CSRF check fails, a callback function is called displaying a "Try again" button, which allows resending the failed request, making the CSRF attack successful.

Learn more about our Web Application Penetration Testing UK.