CVE-2008-1381

ZoneMinder <1.23.3 - Command Injection

Title source: llm
STIX 2.1

Description

ZoneMinder before 1.23.3 allows remote authenticated users, and possibly unauthenticated attackers in some installations, to execute arbitrary commands via shell metacharacters in a crafted URL.

References (8)

Core 8
Core References
Various Sources x_refsource_misc
http://www.awe.com/mark/blog/200804272230.html
Vendor Advisory vendor-advisory x_refsource_fedora
https://www.redhat.com/archives/fedora-package-announce/2008-May/msg00078.html
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/28968
Vendor Advisory vendor-advisory x_refsource_fedora
https://www.redhat.com/archives/fedora-package-announce/2008-May/msg00085.html
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/29995
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/42046
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/30189

Scores

EPSS 0.0251
EPSS Percentile 82.9%

Details

CWE
CWE-94
Status published
Products (36)
zoneminder/zoneminder 0.0.1
zoneminder/zoneminder 0.9.7
zoneminder/zoneminder 0.9.8
zoneminder/zoneminder 0.9.9
zoneminder/zoneminder 0.9.10
zoneminder/zoneminder 0.9.11
zoneminder/zoneminder 0.9.12
zoneminder/zoneminder 0.9.13
zoneminder/zoneminder 0.9.14
zoneminder/zoneminder 0.9.15
... and 26 more
Published May 01, 2008
Tracked Since Feb 18, 2026