Remote Code Execution Vulnerability in ZoneMinder
CVE-2023-31493

Currently unrated

Key Information:

Vendor

ZoneMinder

Vendor
CVE Published:
15 October 2024

What is CVE-2023-31493?

A Remote Code Execution vulnerability exists in ZoneMinder versions up to 1.36.33. An attacker can exploit this flaw by creating a specially crafted .php log file within the language folder, which can subsequently be used to execute arbitrary commands on the affected system. This security breach could lead to unauthorized access and control over the server, potentially compromising sensitive information and functionalities.

References

http://zoneminder.com
https://medium.com/%40dk50u1/rce-remote-code-execution-in...

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.
CVE-2023-31493 : Remote Code Execution Vulnerability in ZoneMinder