Описание
ZoneMinder before 1.36.13 allows remote code execution via an invalid language. Ability to create a debug log file at an arbitrary pathname contributes to exploitability.
Ссылки
- ExploitThird Party Advisory
- Release NotesVendor Advisory
- PatchThird Party Advisory
- Release NotesThird Party Advisory
- ExploitThird Party Advisory
- ExploitThird Party Advisory
- Release NotesVendor Advisory
- PatchThird Party Advisory
- Release NotesThird Party Advisory
- ExploitThird Party Advisory
Уязвимые конфигурации
EPSS
9.8 Critical
CVSS3
7.5 High
CVSS2
Дефекты
Связанные уязвимости
ZoneMinder before 1.36.13 allows remote code execution via an invalid language. Ability to create a debug log file at an arbitrary pathname contributes to exploitability.
ZoneMinder before 1.36.13 allows remote code execution via an invalid ...
ZoneMinder before 1.36.13 allows remote code execution via an invalid language.
Уязвимость программного обеспечения для организации видеонаблюдения ZoneMinder, связанная с неверным ограничением имени пути к каталогу с ограниченным доступом, позволяющая нарушителю выполнить произвольный код
EPSS
9.8 Critical
CVSS3
7.5 High
CVSS2