CVE-2023-31493

Name
CVE-2023-31493
Description
RCE (Remote Code Execution) exists in ZoneMinder through 1.36.33 as an attacker can create a new .php log file in language folder, while executing a crafted payload and escalate privileges allowing execution of any commands on the remote system.
NVD Severity
medium
Other trackers
CVE, NVD, CERT, CVE Details, CIRCL, Arch Linux, Debian, Red Hat, Ubuntu, Gentoo, SUSE (Bugzilla), SUSE (CVE), Mageia
Mailing lists
oss-security, full-disclosure, bugtraq
Exploits
Exploit DB, Metasploit
Forges
GitHub (code, issues), Aports (code, issues)

References

Type URI
http://zoneminder.com
https://medium.com/%40dk50u1/rce-remote-code-execution-in-zoneminder-up-to-1-36-33-0686f5bcd370

Match rules

CPE URI Source package Min version Max version
n/a == n/a == n/a
cpe:2.3:a:zoneminder:zoneminder:-:*:*:*:*:*:*:* zoneminder >= 0 <= 1.36.33

Vulnerable and fixed packages

Source package Branch Version Maintainer Status
zoneminder 3.20-community 1.36.33-r5 Kaarle Ritvanen <kunkku@alpinelinux.org> possibly vulnerable