Vulnerability Details : CVE-2023-31493
RCE (Remote Code Execution) exists in ZoneMinder through 1.36.33 as an attacker can create a new .php log file in language folder, while executing a crafted payload and escalate privileges allowing execution of any commands on the remote system.
Vulnerability category: Execute code
Products affected by CVE-2023-31493
- cpe:2.3:a:zoneminder:zoneminder:*:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2023-31493
0.45%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 63 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2023-31493
| Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
|---|---|---|---|---|---|---|
|
6.6
|
MEDIUM | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:L |
1.8
|
4.7
|
134c704f-9b21-4f2e-91b3-4a467353bcc0 | 2024-10-16 |
CWE ids for CVE-2023-31493
-
The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment.Assigned by: 134c704f-9b21-4f2e-91b3-4a467353bcc0 (Secondary)
References for CVE-2023-31493
-
https://medium.com/%40dk50u1/rce-remote-code-execution-in-zoneminder-up-to-1-36-33-0686f5bcd370
RCE (Remote Code Execution)in Zoneminder up to 1.36.33 | by dk50u1 | Sep, 2024 | MediumExploit;Third Party Advisory
-
http://zoneminder.com
ZoneMinder - HomeProduct
Jump to