7.5
CVE-2008-1381
- EPSS 1.51%
- Veröffentlicht 01.05.2008 19:05:00
- Zuletzt bearbeitet 09.04.2025 00:30:58
- Quelle secalert@redhat.com
- Teams Watchlist Login
- Unerledigt Login
ZoneMinder before 1.23.3 allows remote authenticated users, and possibly unauthenticated attackers in some installations, to execute arbitrary commands via shell metacharacters in a crafted URL.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Zoneminder ≫ Zoneminder Version0.0.1
Zoneminder ≫ Zoneminder Version0.9.7
Zoneminder ≫ Zoneminder Version0.9.8
Zoneminder ≫ Zoneminder Version0.9.9
Zoneminder ≫ Zoneminder Version0.9.10
Zoneminder ≫ Zoneminder Version0.9.11
Zoneminder ≫ Zoneminder Version0.9.12
Zoneminder ≫ Zoneminder Version0.9.13
Zoneminder ≫ Zoneminder Version0.9.14
Zoneminder ≫ Zoneminder Version0.9.15
Zoneminder ≫ Zoneminder Version0.9.16
Zoneminder ≫ Zoneminder Version1.17.0
Zoneminder ≫ Zoneminder Version1.17.1
Zoneminder ≫ Zoneminder Version1.17.2
Zoneminder ≫ Zoneminder Version1.18.0
Zoneminder ≫ Zoneminder Version1.18.1
Zoneminder ≫ Zoneminder Version1.19.0
Zoneminder ≫ Zoneminder Version1.19.1
Zoneminder ≫ Zoneminder Version1.19.2
Zoneminder ≫ Zoneminder Version1.19.3
Zoneminder ≫ Zoneminder Version1.19.4
Zoneminder ≫ Zoneminder Version1.19.5
Zoneminder ≫ Zoneminder Version1.20.0
Zoneminder ≫ Zoneminder Version1.20.1
Zoneminder ≫ Zoneminder Version1.21.0
Zoneminder ≫ Zoneminder Version1.21.1
Zoneminder ≫ Zoneminder Version1.21.2
Zoneminder ≫ Zoneminder Version1.21.3
Zoneminder ≫ Zoneminder Version1.21.4
Zoneminder ≫ Zoneminder Version1.22.0
Zoneminder ≫ Zoneminder Version1.22.1
Zoneminder ≫ Zoneminder Version1.22.2
Zoneminder ≫ Zoneminder Version1.22.3
Zoneminder ≫ Zoneminder Version1.23.0
Zoneminder ≫ Zoneminder Version1.23.1
Zoneminder ≫ Zoneminder Version1.23.2
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 1.51% | 0.794 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 7.5 | 10 | 6.4 |
AV:N/AC:L/Au:N/C:P/I:P/A:P
|
CWE-94 Improper Control of Generation of Code ('Code Injection')
The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment.