Lucene search

CVE-2023-26035

🗓️ 25 Feb 2023 02:13:15Reported by GitHub_MType

cve🔗 web.nvd.nist.gov📰️ 40 Media mentions👁 93 Views🌐 WEB

ZoneMinder free, open source CCTV software for Linux, prior versions 1.36.33 and 1.37.33 allow Unauthenticated Remote Code Execution via Missing Authorization

AI Insights are available for you today

Leverage the power of AI to quickly understand vulnerabilities, impacts, and exploitability

Reporter	Title	Published	Views	Family All 23
Rapid7 Blog	Metasploit Weekly Wrap-Up	17 Nov 202318:41	–	rapid7blog
AlpineLinux	CVE-2023-26035	25 Feb 202302:15	–	alpinelinux
Prion	Remote code execution	25 Feb 202302:15	–	prion
0day.today	ZoneMinder Snapshots < 1.37.33 - Unauthenticated Remote Code Execution Exploit	18 Mar 202400:00	–	zdt
0day.today	ZoneMinder Snapshots Command Injection Exploit	14 Nov 202300:00	–	zdt
Packet Storm	ZoneMinder Snapshots Command Injection	14 Nov 202300:00	–	packetstorm
Packet Storm	ZoneMinder Snapshots Remote Code Execution	19 Mar 202400:00	–	packetstorm
Nuclei	ZoneMinder Snapshots - Command Injection	19 Dec 202316:43	–	nuclei
GithubExploit	Exploit for Missing Authorization in Zoneminder	11 Dec 202319:23	–	githubexploit
GithubExploit	Exploit for Missing Authorization in Zoneminder	12 Dec 202314:44	–	githubexploit

Nvd

Vulners

Node

zoneminder zoneminderRange<1.36.33

zoneminder zoneminderRange1.37.00–1.37.33

[
  {
    "vendor": "ZoneMinder",
    "product": "zoneminder",
    "versions": [
      {
        "version": "< 1.36.33",
        "status": "affected"
      },
      {
        "version": ">= 1.37.0, < 1.37.33",
        "status": "affected"
      }
    ]
  }
]

Source	Link
github	www.github.com/ZoneMinder/zoneminder/security/advisories/GHSA-72rg-h4vf-29gr
packetstormsecurity	www.packetstormsecurity.com/files/175675/ZoneMinder-Snapshots-Command-Injection.html

Parameter	Position	Path	Description	CWE
monitor_ids[0][Id]	request body	/index.php	Unauthenticated remote code execution via missing authorization on the snapshot action in ZoneMinder.	CWE-862
__csrf_magic	request body	/index.php	Unauthenticated remote code execution via missing authorization on the snapshot action in ZoneMinder.	CWE-862

Transform Your Security Services

Elevate your offerings with Vulners' advanced Vulnerability Intelligence. Contact us for a demo and discover the difference comprehensive, actionable intelligence can make in your security strategy.

Book a live demo

25 Feb 2023 02:15Current

8High risk

Vulners AI Score8

CVSS37.2 - 9.8

EPSS0.48924

CWE-862