2 matches found
CVE-2026-56446 Authenticated Remote Code Execution via Arbitrary NDJSON Error Log Path in MISP
MISP allowed a site administrator to configure an arbitrary filesystem path for the NDJSON error log used by JsonLogTool. Because log entries can include attacker-controlled content, an authenticated attacker with site administrator privileges could direct log output to a PHP file in a...
DEBIAN-CVE-2022-29806
ZoneMinder before 1.36.13 allows remote code execution via an invalid language. Ability to create a debug log file at an arbitrary pathname contributes to exploitability...