Public exploit available

Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2013-0332 — Path Traversal in Zoneminder

CWE-22 — Path Traversal6 documents5 sources

Severity

5.0MEDIUMNVD

EPSS

31.1%

top 3.23%

CISA KEV

Not in KEV

Exploit

PoC available

Public exploit / PoC exists

Affected products

Zoneminder Debian Zoneminder

Timeline

PublishedMar 20

Latest updateMay 5

Description

Multiple directory traversal vulnerabilities in ZoneMinder 1.24.x before 1.24.4 allow remote attackers to read arbitrary files via a .. (dot dot) in the (1) view, (2) request, or (3) action parameter.

CVSS vector

AV:N/AC:L/C:P/I:N/A:NExploitability: 10.0 | Impact: 2.9

Affected Packages3 packages

▶debiandebian/zoneminder< zoneminder 1.25.0-1 (bookworm)

▶Debianzoneminder/zoneminder< 1.25.0-1+3

▶NVDzoneminder/zoneminder4 versions+3

🔴Vulnerability Details

GHSA

GHSA-7rvr-83mm-384f: Multiple directory traversal vulnerabilities in ZoneMinder 1↗2022-05-05

▶

OSV

CVE-2013-0332: Multiple directory traversal vulnerabilities in ZoneMinder 1↗2013-03-20

▶

💥Exploits & PoCs

Exploit-DB

ZoneMinder Video Server - packageControl Command Execution (Metasploit)↗2013-01-24

▶

Exploit-DB

ZoneMinder 1.24.3 - Remote File Inclusion↗2011-08-01

▶

📋Vendor Advisories

Debian

CVE-2013-0332: zoneminder - Multiple directory traversal vulnerabilities in ZoneMinder 1.24.x before 1.24.4 ...↗2013

▶