CVE-2008-3882Code Injection in Zoneminder

CWE-94Code InjectionCWE-77Command InjectionCWE-89SQL InjectionCWE-79Cross-site Scripting6 documents6 sources
Severity
10.0CRITICALNVD
EPSS
4.7%
top 10.65%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
ZoneminderDebian Zoneminder
Timeline
PublishedSep 2
Latest updateMay 2

Description

Unspecified "Command Injection" vulnerability in ZoneMinder 1.23.3 and earlier allows remote attackers to execute arbitrary commands via (1) the executeFilter function in zm_html_view_events.php and (2) the run_state parameter to zm_html_view_state.php.

CVSS vector

AV:N/AC:L/C:C/I:C/A:CExploitability: 10.0 | Impact: 10.0

Affected Packages3 packages

debiandebian/zoneminder< zoneminder 1.24.1-1 (bookworm)
Debianzoneminder/zoneminder< 1.24.1-1+3
NVDzoneminder/zoneminder1.23.3+36

🔴Vulnerability Details

2
GHSA
GHSA-cvgp-9gf8-257q: Unspecified "Command Injection" vulnerability in ZoneMinder 12022-05-02
OSV
CVE-2008-3882: Unspecified "Command Injection" vulnerability in ZoneMinder 12008-09-02

📋Vendor Advisories

2
Red Hat
zoneminder: command injection, SQL injection and multiple XSS issues (CVE-2008-3882, CVE-2008-3880, CVE-2008-3881)2008-08-26
Debian
CVE-2008-3882: zoneminder - Unspecified "Command Injection" vulnerability in ZoneMinder 1.23.3 and earlier a...2008

💬Community

1
Bugzilla
zoneminder: command injection, SQL injection and multiple XSS issues (CVE-2008-3882, CVE-2008-3880, CVE-2008-3881)2008-08-27