Zoneminder : Security Vulnerabilities, CVEs, (Directory traversal)
CVE-2022-29806
Public exploit
ZoneMinder before 1.36.13 allows remote code execution via an invalid language. Ability to create a debug log file at an arbitrary pathname contributes to exploitability.
Max CVSS
9.8
EPSS Score
38.40%
Published
2022-04-26
Updated
2022-05-06
Multiple directory traversal vulnerabilities in ZoneMinder 1.24.x before 1.24.4 allow remote attackers to read arbitrary files via a .. (dot dot) in the (1) view, (2) request, or (3) action parameter.
Max CVSS
5.0
EPSS Score
1.43%
Published
2013-03-20
Updated
2013-03-21
2 vulnerabilities found