PT-2008-5217 · Zoneminder · Zoneminder
Published
2008-09-02
·
Updated
2018-10-11
·
CVE-2008-3882
CVSS v2.0
10
High
| Vector | AV:N/AC:L/Au:N/C:C/I:C/A:C |
Name of the Vulnerable Software and Affected Versions
ZoneMinder versions 1.23.3 and earlier
Description
The issue allows remote attackers to execute arbitrary commands. This can be achieved via (1) the
executeFilter function in "zm html view events.php" or (2) the run state parameter to "zm html view state.php".Recommendations
For ZoneMinder versions 1.23.3 and earlier, consider disabling the
executeFilter function in "zm html view events.php" and restrict access to the run state parameter in "zm html view state.php" until a patch is available.Fix
RCE
Code Injection
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Zoneminder