Описание
RCE (Remote Code Execution) exists in ZoneMinder through 1.36.33 as an attacker can create a new .php log file in language folder, while executing a crafted payload and escalate privileges allowing execution of any commands on the remote system.
Ссылки
- Product
- ExploitThird Party Advisory
Уязвимые конфигурации
Конфигурация 1Версия до 1.36.33 (включая)
cpe:2.3:a:zoneminder:zoneminder:*:*:*:*:*:*:*:*
EPSS
Процентиль: 83%
0.0189
Низкий
6.6 Medium
CVSS3
Дефекты
CWE-94
Связанные уязвимости
CVSS3: 6.6
ubuntu
больше 1 года назад
RCE (Remote Code Execution) exists in ZoneMinder through 1.36.33 as an attacker can create a new .php log file in language folder, while executing a crafted payload and escalate privileges allowing execution of any commands on the remote system.
CVSS3: 6.6
debian
больше 1 года назад
RCE (Remote Code Execution) exists in ZoneMinder through 1.36.33 as an ...
EPSS
Процентиль: 83%
0.0189
Низкий
6.6 Medium
CVSS3
Дефекты
CWE-94