Description
MotionEye v0.43.1b4 and before is vulnerable to OS Command Injection in configuration parameters such as image_file_name. Unsanitized user input is written to Motion configuration files, allowing remote authenticated attackers with admin access to achieve code execution when Motion is restarted.
References
- Broken Link
- Exploit, Third Party Advisory
Vulnerable configurations
Configuration 1
One of
cpe:2.3:a:motioneye_project:motioneye:0.42.1:*:*:*:*:*:*:*
cpe:2.3:a:motioneye_project:motioneye:0.43.1:beta1:*:*:*:*:*:*
cpe:2.3:a:motioneye_project:motioneye:0.43.1:beta2:*:*:*:*:*:*
cpe:2.3:a:motioneye_project:motioneye:0.43.1:beta3:*:*:*:*:*:*
cpe:2.3:a:motioneye_project:motioneye:0.43.1:beta4:*:*:*:*:*:*
EPSS
Percentile: 96%
0.22906
Medium
7.2 High
CVSS3
Weaknesses
CWE-20
Related vulnerabilities
CVSS3: 7.2
github
about 1 month ago
MotionEye v0.43.1b4 and before is vulnerable to OS Command Injection in configuration parameters such as image_file_name. Unsanitized user input is written to Motion configuration files, allowing remote authenticated attackers with admin access to achieve code execution when Motion is restarted.