4 matches found
CVE-2023-26036
ZoneMinder is a free, open source Closed-circuit television software application for Linux which supports IP, USB and Analog cameras. Versions prior to 1.36.33 and 1.37.33 contain a Local File Inclusion Untrusted Search Path vulnerability via /web/index.php. By controlling $view, any local file...
Linux Distros Unpatched Vulnerability : CVE-2023-26036
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - ZoneMinder is a free, open source Closed-circuit television software application for Linux which supports IP, USB and Analog cameras. Versions prior to 1.36.33...
CVE-2023-26036 ZoneMinder contains Local File Inclusion vulnerability
ZoneMinder is a free, open source Closed-circuit television software application for Linux which supports IP, USB and Analog cameras. Versions prior to 1.36.33 and 1.37.33 contain a Local File Inclusion Untrusted Search Path vulnerability via /web/index.php. By controlling $view, any local file...
CVE-2023-26036
ZoneMinder contains a Local File Inclusion via /web/index.php. The root cause is improper sandboxing in detaintPath used to sanitize the $view parameter, allowing crafted paths such as ..././ to be resolved to ../. This can enable execution of local PHP files. The vulnerability affects versions p...