CVE-2013-0332

ZoneMinder 1.24.x - Path Traversal via View Request or Action Parameter

Title source: llm

Exploitation Summary

EIP tracks 2 public exploits for CVE-2013-0332. PoCs published by Metasploit, iye.

AI-analyzed exploit summary: This Metasploit module exploits a command execution vulnerability in ZoneMinder Video Server versions 1.24.0 to 1.25.0 by injecting arbitrary commands via the 'runState' parameter in the 'packageControl' function.

Description

Multiple directory traversal vulnerabilities in ZoneMinder 1.24.x before 1.24.4 allow remote attackers to read arbitrary files via a .. (dot dot) in the (1) view, (2) request, or (3) action parameter.

Exploits (2)

exploitdb WORKING POC VERIFIED
by Metasploit · ruby · remote · unix
https://www.exploit-db.com/exploits/24310

This Metasploit module exploits a command execution vulnerability in ZoneMinder Video Server versions 1.24.0 to 1.25.0 by injecting arbitrary commands via the 'runState' parameter in the 'packageControl' function.

Classification: Working PoC 100%
Attack Type: RCE
Complexity: Trivial
Reliability: Reliable
Target: ZoneMinder Video Server 1.24.0 to 1.25.0
Auth required
Prerequisites: Valid credentials for ZoneMinder · Network access to the target
devstral-2 · analyzed Feb 16, 2026

exploitdb WORKING POC
by iye · text · webapps · php
https://www.exploit-db.com/exploits/17593

This exploit demonstrates a Local File Inclusion (LFI) vulnerability in ZoneMinder 1.24.3, allowing authenticated users to read arbitrary files via path traversal in the 'view' parameter. The vulnerable function 'getSkinFile' in 'functions.php' fails to sanitize user input, enabling directory traversal attacks.

Classification: Working PoC 90%
Attack Type: Info Leak
Complexity: Trivial
Reliability: Reliable
Target: ZoneMinder 1.24.3
Auth required
Prerequisites: Authenticated user access to the ZoneMinder web application
devstral-2 · analyzed Feb 18, 2026

References (6)

Core References
Third Party Advisory x_refsource_confirm
http://www.zoneminder.com/wiki/index.php/Change_History
Third Party Advisory vendor-advisory x_refsource_debian
http://www.debian.org/security/2013/dsa-2640
Mailing List mailing-list x_refsource_mlist
http://www.openwall.com/lists/oss-security/2013/02/21/8
Mailing List mailing-list x_refsource_mlist
http://www.openwall.com/lists/oss-security/2013/02/21/9

Scores

EPSS 0.1019
EPSS Percentile 95.1%

Details

CWE: CWE-22
Status: published
Products (4)
zoneminder/zoneminder 1.24.0
zoneminder/zoneminder 1.24.1
zoneminder/zoneminder 1.24.2
zoneminder/zoneminder 1.24.3
Published Mar 20, 2013
Tracked Since Feb 18, 2026