Exploit for OS Command Injection in Motioneye_Project Motioneye

CVE-2025-60787 - Authenticated RCE in motionEye PoC for CVE-...

motionEye <= 0.43.1b4 OS Command Injection Vulnerability

motionEye is prone to an authenticated OS command injection vulnerability. SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...

CVE-2025-60787

MotionEye v0.43.1b4 and before is vulnerable to OS Command Injection in configuration parameters such as imagefilename. Unsanitized user input is written to Motion configuration files, allowing remote authenticated attackers with admin access to achieve code execution when Motion is restarted...

Exploit for CVE-2025-60787

CVE-2025-60787 CVE-2025-60787 Poc - RCE - MotionEye = 0.43...

Command Injection

Overview Affected versions of this package are vulnerable to Command Injection via the addcamera API. An attacker with admin credentials can execute arbitrary commands within a non-interactive shell environment by constructing a malicious device path. This is only exploitable if the attacker has...

PYSEC-2025-39

motionEye is an online interface for the software motion, a video surveillance program with motion detection. In versions 0.43.1b1 through 0.43.1b3, using a constructed camera device path with the add/addcamera motionEye web API allows an attacker with motionEye admin user credentials to execute...