CVE-2016-10206

Severity CVSS v4.0:
Pending analysis
Type:
CWE-352 Cross-Site Request Forgery (CSRF)
Publication date:
03/03/2017
Last modified:
20/04/2025

Description

Cross-site request forgery (CSRF) vulnerability in Zoneminder 1.30 and earlier allows remote attackers to hijack the authentication of users for requests that change passwords and possibly have unspecified other impact as demonstrated by a crafted user action request to index.php.

Vulnerable products and versions

CPE From Up to
cpe:2.3:a:zoneminder:zoneminder:*:*:*:*:*:*:*:* 1.30.0 (including)