MotionEye Config Info Disclosure

MotionEye v0.42.1 and below allows attackers to access sensitive information via a GET request to /config/list. To exploit this vulnerability, a regular user password must be unconfigured. id: CVE-2022-25568 info: name: MotionEye Config Info Disclosure author: DhiyaneshDK severity: high...

ffensive-playbook

HackTheBox — Writeups Collection A collection of HackTheBox m...

ofensive-playbook

HackTheBox — Writeups Collection A collection of HackTheBox m...

Exploit for OS Command Injection in Motioneye_Project Motioneye

CVE-2025-60787 MotionEye v0.43.1b4 OS Command Injection A pr...

Exploit for OS Command Injection in Motioneye_Project Motioneye

No d...

Exploit for OS Command Injection in Motioneye_Project Motioneye

CVE-2025-60787 - Authenticated RCE in motionEye PoC for CVE-...

Exploit for OS Command Injection in Motioneye_Project Motioneye

CVE-2025-60787: Motioneye Remote Code Execution RCE !CVE...

Exploit for OS Command Injection in Motioneye_Project Motioneye

CVE-2025-60787 Detection Rules Detection content for CVE-20...

📄 motionEye 0.43.1b4 Remote Command Injection

A remote command injection vulnerability exists in motionEye versions up to and including 0.43.1b4. The issue arises from improper validation and sanitization of user‑supplied input within camera configuration parameters. Under certain conditions, authenticated users can inject crafted input that...

📄 motionEye 0.43.1b4 Remote Code Execution

Client-side validation in motionEye's web UI can be bypassed via overriding the JS validation function. Arbitrary values including shell interpolation syntax can be saved into the motion config. When motion is restarted, the motion process interprets the config and can execute shell syntax embedd...

motionEye 0.43.1b4 - RCE

Exploit Title: motionEye 0.43.1b4 - RCE Exploit PoC: motionEye RCE via client-side validation bypass safe PoC Filename: motioneyercepocedb.txt Author: prabhatverma47 Date tested: 2025-05-14 original test; prepared for submission: 2025-10-11 Affected Versions: motionEye = 0.43.1b4 Tested on: Debia...

📄 MotionEye Frontend 0.43.1b4 Command Injection

Proof of concept exploit for a command injection vulnerability in MotionEye Frontend version 0.43.1b4. ============================================================================================================================================= | Title : MotionEye Frontend 0.43.1b4 RCE | | Author...

Improper Encoding Or Escaping Of Output

MotionEye is vulnerable to Improper Encoding or Escaping of Output. The vulnerability is due to unsanitized user input in configuration parameters being written to configuration files, which allows an attacker to execute arbitrary commands when the service is restarted...

motionEye Detection (HTTP)

HTTP based detection of motionEye. SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription scriptoid"1.3.6.1.4.1.25623.1.0.155713";...

motionEye <= 0.43.1b4 OS Command Injection Vulnerability

motionEye is prone to an authenticated OS command injection vulnerability. SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...

GHSA-J945-QM58-4GJX motionEye vulnerable to RCE via unsanitized motion config parameter

Summary A command injection vulnerability in MotionEye allows attackers to achieve Remote Code Execution RCE by supplying malicious values in configuration fields exposed via the Web UI. Because MotionEye writes user-supplied values directly into Motion configuration files without sanitization,...

motionEye vulnerable to RCE via unsanitized motion config parameter

Summary A command injection vulnerability in MotionEye allows attackers to achieve Remote Code Execution RCE by supplying malicious values in configuration fields exposed via the Web UI. Because MotionEye writes user-supplied values directly into Motion configuration files without sanitization,...

Improper Encoding or Escaping of Output

Overview Affected versions of this package are vulnerable to Improper Encoding or Escaping of Output via the Web UI. An attacker can execute arbitrary system commands by supplying crafted input to configuration fields such as imagefilename and moviefilename, that are written directly to...

Metasploit Wrap-Up 10/17/2025

New module content 1 Remote Code Execution Vulnerability in MotionEye Frontend CVE-2025-60787 Authors: Maksim Rogov and prabhatverma47 Type: Exploit Pull request: 20585 contributed by vognik Path: linux/http/motioneyeauthrcecve202560787 AttackerKB reference: CVE-2025-60787 Description: Adds a...

Remote Code Execution Vulnerability in MotionEye Frontend (CVE-2025-60787)

This module exploits a template injection vulnerability in the MotionEye Frontend. MotionEye Frontend versions 0.43.1b4 and prior are vulnerable to OS Command Injection in configuration parameters such as imagefilename. Unsanitized user input is written to MotionEye Frontend configuration files,...