CVE-2023-31493
MEDIUM
ZoneMinder <= 1.36.33 - Remote Code Execution via Log File Creation
Title source: llm
Description
RCE (Remote Code Execution) exists in ZoneMinder through 1.36.33: an attacker can create a new .php log file in the language folder while executing a crafted payload, and escalate privileges, allowing execution of any commands on the remote system.
References (2)
Core References
Product: http://zoneminder.com
Exploit, Third Party Advisory: https://medium.com/%40dk50u1/rce-remote-code-execution-in-zoneminder-up-to-1-36-33-0686f5bcd370
Scores
CVSS v3: 6.6
EPSS: 0.0073
EPSS Percentile: 49.7%
Attack Vector: LOCAL
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:L
CISA SSVC
Vulnrichment
Exploitation: poc
Automatable: no
Technical Impact: total
Details
CWE: CWE-94
Status: published
Products (1)
zoneminder/zoneminder: < 1.36.33
Published: Oct 15, 2024
Tracked Since: Feb 18, 2026