RCE (Remote Code Execution) exists in ZoneMinder through 1.36.33 as an attacker can create a new .php log file in language folder, while executing a crafted payload and escalate privileges allowing execution of any commands on the remote system.
Metrics
Affected Vendors & Products
References
History
Wed, 16 Oct 2024 19:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
First Time appeared |
Zoneminder
Zoneminder zoneminder |
|
Weaknesses | CWE-94 | |
CPEs | cpe:2.3:a:zoneminder:zoneminder:-:*:*:*:*:*:*:* | |
Vendors & Products |
Zoneminder
Zoneminder zoneminder |
|
Metrics |
cvssV3_1
|
Tue, 15 Oct 2024 15:00:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Description | An arbitrary file upload vulnerability in the Languages folder of Zoneminder up to v1.36.33 allows attackers to execute arbitrary code via uploading a crafted PHP file. | RCE (Remote Code Execution) exists in ZoneMinder through 1.36.33 as an attacker can create a new .php log file in language folder, while executing a crafted payload and escalate privileges allowing execution of any commands on the remote system. |
Tue, 15 Oct 2024 14:45:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Description | An arbitrary file upload vulnerability in the Languages folder of Zoneminder up to v1.36.33 allows attackers to execute arbitrary code via uploading a crafted PHP file. | |
References |
|
MITRE
Status: PUBLISHED
Assigner: mitre
Published: 2024-10-15T00:00:00
Updated: 2024-10-16T18:56:57.965Z
Reserved: 2023-04-29T00:00:00
Link: CVE-2023-31493
Vulnrichment
Updated: 2024-10-16T18:53:52.321Z
NVD
Status : Awaiting Analysis
Published: 2024-10-15T15:15:12.393
Modified: 2024-10-16T19:35:04.040
Link: CVE-2023-31493
Redhat
No data.