Lucene search
CVE-2023-26039
ZoneMinder 1.36.33 and 1.37.33 OS Command Injection via daemonControl(
Show more
| Reporter | Title | Published | Views | Family All 10 |
|---|---|---|---|---|
 | UBUNTU-CVE-2023-26039 | 25 Feb 202302:15 | – | osv |
| CVE-2023-26039 | 25 Feb 202302:15 | – | osv |
 | Linux Distros Unpatched Vulnerability : CVE-2023-26039 | 5 Mar 202500:00 | – | nessus |
 | CVE-2023-26039 | 25 Feb 202302:15 | – | nvd |
 | CVE-2023-26039 | 25 Feb 202300:00 | – | ubuntucve |
 | CVE-2023-26039 | 25 Feb 202302:15 | – | debiancve |
 | Command injection | 25 Feb 202302:15 | – | prion |
 | CVE-2023-26039 ZoneMinder vulnerable to OS Command injection in daemonControl() API | 25 Feb 202301:31 | – | cvelist |
 | CVE-2023-26039 ZoneMinder vulnerable to OS Command injection in daemonControl() API | 25 Feb 202301:31 | – | vulnrichment |
 | ZoneMinder < 1.36.33, 1.37.x < 1.37.33 Multiple Vulnerabilities | 27 Feb 202300:00 | – | openvas |
10
Node
[
{
"vendor": "ZoneMinder",
"product": "zoneminder",
"versions": [
{
"version": "< 1.36.33",
"status": "affected"
},
{
"version": ">= 1.37.0, < 1.37.33",
"status": "affected"
}
]
}
]| Parameter | Position | Path | Description | CWE |
|---|---|---|---|---|
| api command | request body | /web/api/app/Controller/HostController.php | OS Command Injection vulnerability allows authenticated users to execute shell commands. | CWE-78 |
Transform Your Security Services
Elevate your offerings with Vulners' advanced Vulnerability Intelligence. Contact us for a demo and discover the difference comprehensive, actionable intelligence can make in your security strategy.
Book a live demo25 Feb 2023 02:15Current
8High risk
Vulners AI Score8
CVSS37.1 - 8.8
EPSS0.01413
SSVC