GHSA-26f6-wm47-7h7j

Опубликовано: 03 окт. 2025

Источник: github

Github: Прошло ревью

CVSS3: 7.2

Описание

Duplicate Advisory: motionEye vulnerable to RCE via unsanitized motion config parameter

Duplicate Advisory

This advisory has been withdrawn because it is a duplicate of GHSA-j945-qm58-4gjx. This link is maintained to preserve external references.

Original Description

MotionEye v0.43.1b4 and before is vulnerable to OS Command Injection in configuration parameters such as image_file_name. Unsanitized user input is written to Motion configuration files, allowing remote authenticated attackers with admin access to achieve code execution when Motion is restarted.

Ссылки

https://nvd.nist.gov/vuln/detail/CVE-2025-60787
https://github.com/prabhatverma47/motionEye-RCE-through-config-parameter
http://motioneye-project.com

Пакеты

Наименование

motioneye

pip

Затронутые версииВерсия исправления

Отсутствует

7.2 High

CVSS3

Дефекты

CWE-20

7.2 High

CVSS3

Дефекты

CWE-20