TROYANOSYVIRUS
Retour aux CVEs

CVE-2023-31493

MEDIUM
6.6

Description

RCE (Remote Code Execution) exists in ZoneMinder through 1.36.33 as an attacker can create a new .php log file in language folder, while executing a crafted payload and escalate privileges allowing execution of any commands on the remote system.

Details CVE

Score CVSS v3.16.6
SeveriteMEDIUM
Vecteur CVSSCVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:L
Vecteur d'attaqueLOCAL
ComplexiteLOW
Privileges requisLOW
Interaction utilisateurNONE
Publie10/15/2024
Derniere modification5/27/2025
Sourcenvd
Observations honeypot0

Produits affectes

zoneminder:zoneminder

Faiblesses (CWE)

CWE-94

References

http://zoneminder.com(cve@mitre.org)
https://medium.com/%40dk50u1/rce-remote-code-execution-in-zoneminder-up-to-1-36-33-0686f5bcd370(cve@mitre.org)

Correlations IOC

Aucune correlation enregistree

This product uses data from the NVD API but is not endorsed or certified by the NVD.