CVE-2023-31493

CVE-2023-31493

Name

CVE-2023-31493

Description

RCE (Remote Code Execution) exists in ZoneMinder through 1.36.33 as an attacker can create a new .php log file in language folder, while executing a crafted payload and escalate privileges allowing execution of any commands on the remote system.

NVD Severity

unknown

Other trackers

CVE, NVD, CERT, CVE Details, CIRCL, Arch Linux, Debian, Red Hat, Ubuntu, Gentoo, SUSE (Bugzilla), SUSE (CVE), Mageia

Mailing lists

oss-security, full-disclosure, bugtraq

Exploits

Exploit DB, Metasploit

Forges

GitHub (code, issues), Aports (code, issues)

Type	URI
	http://zoneminder.com
	https://medium.com/%40dk50u1/rce-remote-code-execution-in-zoneminder-up-to-1-36-33-0686f5bcd370

Type

URI

http://zoneminder.com

https://medium.com/%40dk50u1/rce-remote-code-execution-in-zoneminder-up-to-1-36-33-0686f5bcd370

Match rules

CPE URI	Source package	Min version	Max version
	n/a	== n/a	== n/a
`cpe:2.3:a:zoneminder:zoneminder:-:::::::*`	zoneminder	>= 0	<= 1.36.33
`cpe:2.3:a:zoneminder:zoneminder::::::::`	zoneminder	>= None	<= 1.36.33

CPE URI

Source package

Min version

Max version

n/a

== n/a

cpe:2.3:a:zoneminder:zoneminder:-:*:*:*:*:*:*:*

zoneminder

>= 0

<= 1.36.33

cpe:2.3:a:zoneminder:zoneminder:*:*:*:*:*:*:*:*

zoneminder

>= None

<= 1.36.33

Vulnerable and fixed packages

Source package	Branch	Version	Maintainer	Status
zoneminder	edge-community	1.36.33-r0	Kaarle Ritvanen <kunkku@alpinelinux.org>	possibly vulnerable
zoneminder	edge-community	1.36.31-r0	Kaarle Ritvanen <kunkku@alpinelinux.org>	possibly vulnerable
zoneminder	edge-community	1.36.7-r0	Kaarle Ritvanen <kaarle.ritvanen@datakunkku.fi>	possibly vulnerable
zoneminder	edge-community	1.30.2-r3	None	possibly vulnerable
zoneminder	edge-community	1.30.2-r0	None	possibly vulnerable
zoneminder	3.22-community	1.36.33-r0	None	possibly vulnerable
zoneminder	3.22-community	1.36.31-r0	None	possibly vulnerable
zoneminder	3.22-community	1.36.7-r0	None	possibly vulnerable
zoneminder	3.22-community	1.30.2-r3	None	possibly vulnerable
zoneminder	3.22-community	1.30.2-r0	None	possibly vulnerable
zoneminder	3.20-community	1.36.33-r5	Kaarle Ritvanen <kunkku@alpinelinux.org>	possibly vulnerable

Source package

Branch

Version

Maintainer

Status

zoneminder

edge-community

1.36.33-r0

Kaarle Ritvanen <kunkku@alpinelinux.org>

possibly vulnerable

zoneminder

edge-community