CVE-2008-3882

Unspecified "Command Injection" vulnerability in ZoneMinder 1.23.3 and earlier allows remote attackers to execute arbitrary commands via (1) the executeFilter function in zm_html_view_events.php and (2) the run_state parameter to zm_html_view_state.php.

CVSS v2.0 10.0 HIGH

10.0^/10

CVSS v2.0 : HIGH

V2 Legend

Vector : AV:N/AC:L/Au:N/C:C/I:C/A:C

Exploitability : 10.0 / Impact : 10.0

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact COMPLETE

References

Link	Resource
http://secunia.com/advisories/31636	Vendor Advisory
http://www.securityfocus.com/archive/1/495745/100/0/threaded
http://www.securityfocus.com/bid/30843
https://exchange.xforce.ibmcloud.com/vulnerabilities/44728
http://secunia.com/advisories/31636	Vendor Advisory
http://www.securityfocus.com/archive/1/495745/100/0/threaded
http://www.securityfocus.com/bid/30843
https://exchange.xforce.ibmcloud.com/vulnerabilities/44728

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:zoneminder:zoneminder::::::::
	cpe:2.3:a:zoneminder:zoneminder:0.0.1:::::::*
	cpe:2.3:a:zoneminder:zoneminder:0.9.7:::::::*
	cpe:2.3:a:zoneminder:zoneminder:0.9.8:::::::*
	cpe:2.3:a:zoneminder:zoneminder:0.9.9:::::::*
	cpe:2.3:a:zoneminder:zoneminder:0.9.10:::::::*
	cpe:2.3:a:zoneminder:zoneminder:0.9.11:::::::*
	cpe:2.3:a:zoneminder:zoneminder:0.9.12:::::::*
	cpe:2.3:a:zoneminder:zoneminder:0.9.13:::::::*
	cpe:2.3:a:zoneminder:zoneminder:0.9.14:::::::*
	cpe:2.3:a:zoneminder:zoneminder:0.9.15:::::::*
	cpe:2.3:a:zoneminder:zoneminder:0.9.16:::::::*
	cpe:2.3:a:zoneminder:zoneminder:1.17.0:::::::*
	cpe:2.3:a:zoneminder:zoneminder:1.17.1:::::::*
	cpe:2.3:a:zoneminder:zoneminder:1.17.2:::::::*
	cpe:2.3:a:zoneminder:zoneminder:1.18.0:::::::*
	cpe:2.3:a:zoneminder:zoneminder:1.18.1:::::::*
	cpe:2.3:a:zoneminder:zoneminder:1.19.0:::::::*
	cpe:2.3:a:zoneminder:zoneminder:1.19.1:::::::*
	cpe:2.3:a:zoneminder:zoneminder:1.19.2:::::::*
	cpe:2.3:a:zoneminder:zoneminder:1.19.3:::::::*
	cpe:2.3:a:zoneminder:zoneminder:1.19.4:::::::*
	cpe:2.3:a:zoneminder:zoneminder:1.19.5:::::::*
	cpe:2.3:a:zoneminder:zoneminder:1.20.0:::::::*
	cpe:2.3:a:zoneminder:zoneminder:1.20.1:::::::*
	cpe:2.3:a:zoneminder:zoneminder:1.21.0:::::::*
	cpe:2.3:a:zoneminder:zoneminder:1.21.1:::::::*
	cpe:2.3:a:zoneminder:zoneminder:1.21.2:::::::*
	cpe:2.3:a:zoneminder:zoneminder:1.21.3:::::::*
	cpe:2.3:a:zoneminder:zoneminder:1.21.4:::::::*
	cpe:2.3:a:zoneminder:zoneminder:1.22.0:::::::*
	cpe:2.3:a:zoneminder:zoneminder:1.22.1:::::::*
	cpe:2.3:a:zoneminder:zoneminder:1.22.2:::::::*
	cpe:2.3:a:zoneminder:zoneminder:1.22.3:::::::*
	cpe:2.3:a:zoneminder:zoneminder:1.23.0:::::::*
	cpe:2.3:a:zoneminder:zoneminder:1.23.1:::::::*
	cpe:2.3:a:zoneminder:zoneminder:1.23.2:::::::*

History

21 Nov 2024, 00:50

Type	Values Removed	Values Added
References	~~() http://secunia.com/advisories/31636 - Vendor Advisory~~	() http://secunia.com/advisories/31636 - Vendor Advisory
References	~~() http://www.securityfocus.com/archive/1/495745/100/0/threaded -~~	() http://www.securityfocus.com/archive/1/495745/100/0/threaded -
References	~~() http://www.securityfocus.com/bid/30843 -~~	() http://www.securityfocus.com/bid/30843 -
References	~~() https://exchange.xforce.ibmcloud.com/vulnerabilities/44728 -~~	() https://exchange.xforce.ibmcloud.com/vulnerabilities/44728 -

Information

Published : 2008-09-02 15:41

Updated : 2024-11-21 00:50

NVD link : CVE-2008-3882

Mitre link : CVE-2008-3882

CVE.ORG link : CVE-2008-3882

JSON object : View

Products Affected

zoneminder

zoneminder

CWE

CWE-94

Improper Control of Generation of Code ('Code Injection')

NVD-CWE-noinfo

10.0 /10