CSRF Vulnerability in ZoneMinder: Bypassing CSRF Check with Try Again Button
CVE-2019-7346 · MEDIUM Severity
AV:N/AC:M/AU:N/C:P/I:P/A:P
A CSRF check issue exists in ZoneMinder through 1.32.3 as whenever a CSRF check fails, a callback function is called displaying a "Try again" button, which allows resending the failed request, making the CSRF attack successful.
Learn more about our Web Application Penetration Testing UK.