CVE-2008-1381
Published 2008-05-01
Priority P346 · high · 7.5 (CVSS 2.0)
AV:N/AC:L/Au:N/C:P/I:P/A:P
EXPLOIT
EPSS: 2.51% (82.8th percentile)
ZoneMinder before 1.23.3 allows remote authenticated users, and possibly unauthenticated attackers in some installations, to execute arbitrary commands via shell metacharacters in a crafted URL.
Affected
41 ranges· showing 25
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | zoneminder | < zoneminder 1.23.3-1 (bookworm) | zoneminder 1.23.3-1 (bookworm) |
| zoneminder | zoneminder | — | — |
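CVSS provenance
| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | 2.0 | 7.5 | HIGH | AV:N/AC:L/Au:N/C:P/I:P/A:P |
| osv | | 7.5 | HIGH | |
| vendor_debian | | 7.5 | MEDIUM | |
| vendor_redhat | | 7.5 | HIGH | |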
Red Hat
zoneminder: command injection via unescaped php exec() calls
vendor_redhat·2008-04-27·CVSS 7.5
CVE-2008-1381 [HIGH] zoneminder: command injection via unescaped php exec() calls
Debian
CVE-2008-1381: zoneminder - ZoneMinder before 1.23.3 allows remote authenticated users, and possibly unauthe...
vendor_debian·2008·CVSS 7.5
CVE-2008-1381 [HIGH] CVE-2008-1381: zoneminder - ZoneMinder before 1.23.3 allows remote authenticated users, and possibly unauthe...
Scope: local
bookworm: resolved (fixed in 1.23.3-1)
bullseye: resolved (fixed in 1.23.3-1)
forky: resolved (fixed in 1.23.3-1)
sid: resolved (fixed in 1.23.3-1)
trixie: resolved (fixed in 1.23.3-1)
GHSA
GHSA-5qh7-p4hh-vm8p: ZoneMinder before 1
ghsa_unreviewed·2022-05-01
CVE-2008-1381 [HIGH] CWE-94 GHSA-5qh7-p4hh-vm8p: ZoneMinder before 1
OSV
CVE-2008-1381: ZoneMinder before 1
osv·2008-05-01·CVSS 7.5
CVE-2008-1381 [HIGH] CVE-2008-1381: ZoneMinder before 1
No detection rules found.
http://secunia.com/advisories/29995
http://secunia.com/advisories/30189
http://www.awe.com/mark/blog/200804272230.html
http://www.securityfocus.com/bid/28968
http://www.zoneminder.com/wiki/index.php/Change_History#Release_1.23.3
https://exchange.xforce.ibmcloud.com/vulnerabilities/42046
https://www.redhat.com/archives/fedora-package-announce/2008-May/msg00078.html
https://www.redhat.com/archives/fedora-package-announce/2008-May/msg00085.html