Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2022-29806Path Traversal in Zoneminder

CWE-22Path Traversal7 documents6 sources
Severity
9.8CRITICALNVD
OSV6.1
EPSS
77.1%
top 1.03%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
2
ZoneminderDebian Zoneminder
Timeline
PublishedApr 26
Latest updateFeb 27

Description

ZoneMinder before 1.36.13 allows remote code execution via an invalid language. Ability to create a debug log file at an arbitrary pathname contributes to exploitability.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9

Affected Packages4 packages

debiandebian/zoneminder< zoneminder 1.36.13+dfsg1-1 (bookworm)
NVDzoneminder/zoneminder< 1.36.13
Debianzoneminder/zoneminder< 1.36.13+dfsg1-1+2
Ubuntuzoneminder/zoneminder< 1.29.0+dfsg-1ubuntu2+esm1+2

Patches

Patch: github.comPatch: github.com

🔴Vulnerability Details

3
OSV
zoneminder vulnerabilities2023-02-27
GHSA
GHSA-xr7v-8xc4-62vc: ZoneMinder before 12022-04-27
OSV
CVE-2022-29806: ZoneMinder before 12022-04-26

💥Exploits & PoCs

1
Metasploit
ZoneMinder Language Settings Remote Code Execution

📋Vendor Advisories

2
Ubuntu
ZoneMinder vulnerabilities2023-02-27
Debian
CVE-2022-29806: zoneminder - ZoneMinder before 1.36.13 allows remote code execution via an invalid language. ...2022