CVE-2023-31493

See a problem?
Please try reporting it to the source first.
Source
https://cve.org/CVERecord?id=CVE-2023-31493
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-31493.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2023-31493
Downstream
Published
2024-10-15T15:15:12.393Z
Modified
2026-04-10T04:57:39.784080Z
Severity
  • 6.6 (Medium) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:L CVSS Calculator
Summary
[none]
Details

RCE (Remote Code Execution) exists in ZoneMinder through 1.36.33 as an attacker can create a new .php log file in language folder, while executing a crafted payload and escalate privileges allowing execution of any commands on the remote system.

References

Affected packages

Git / github.com/zoneminder/zoneminder

Affected ranges

Type
GIT
Repo
https://github.com/zoneminder/zoneminder
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
034ed3e21bad3050373300ab35083c86eda8d690
Database specific 
{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "last_affected": "1.36.33"
        }
    ]
}

Affected versions

1.*
1.32.3
1.34.0
1.36.0
1.36.1
1.36.14
1.36.17
1.36.18
1.36.2
1.36.20
1.36.21
1.36.22
1.36.23
1.36.24
1.36.25
1.36.26
1.36.3
1.36.32
1.36.33
1.36.4
Other
list
v1.*
v1.25
v1.26.0
v1.26.1
v1.26.2
v1.26.3

Database specific

source 
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-31493.json"