CVE-2008-3882

Unspecified "Command Injection" vulnerability in ZoneMinder 1.23.3 and earlier allows remote attackers to execute arbitrary commands via (1) the executeFilter function in zm_html_view_events.php and (2) the run_state parameter to zm_html_view_state.php.

Published: Sep 2, 2008
Updated: Apr 13, 2023
CVE: CVE-2008-3882
Severity: High
Exploit:

CVSS v2:

Severity: High
Score: 10
AV:N/AC:L/Au:N/C:C/I:C/A:C

CWEs:

CWE-94

Affected Software
References

Software	From	Fixed in
zoneminder / zoneminder	1.21.1	1.21.1.x
zoneminder / zoneminder	1.23.1	1.23.1.x
zoneminder / zoneminder	1.23.0	1.23.0.x
zoneminder / zoneminder	1.19.1	1.19.1.x
zoneminder / zoneminder	1.19.4	1.19.4.x
zoneminder / zoneminder	0.9.11	0.9.11.x
zoneminder / zoneminder	1.21.3	1.21.3.x
zoneminder / zoneminder	1.21.2	1.21.2.x
zoneminder / zoneminder	-	1.23.3.x
zoneminder / zoneminder	0.9.8	0.9.8.x
zoneminder / zoneminder	0.9.10	0.9.10.x
zoneminder / zoneminder	1.18.1	1.18.1.x
zoneminder / zoneminder	1.21.0	1.21.0.x
zoneminder / zoneminder	0.9.9	0.9.9.x
zoneminder / zoneminder	0.9.14	0.9.14.x
zoneminder / zoneminder	1.22.2	1.22.2.x
zoneminder / zoneminder	1.19.3	1.19.3.x
zoneminder / zoneminder	0.0.1	0.0.1.x
zoneminder / zoneminder	1.20.1	1.20.1.x
zoneminder / zoneminder	1.17.1	1.17.1.x
zoneminder / zoneminder	1.22.0	1.22.0.x
zoneminder / zoneminder	1.22.3	1.22.3.x
zoneminder / zoneminder	0.9.16	0.9.16.x
zoneminder / zoneminder	0.9.13	0.9.13.x
zoneminder / zoneminder	1.19.5	1.19.5.x
zoneminder / zoneminder	1.18.0	1.18.0.x
zoneminder / zoneminder	1.23.2	1.23.2.x
zoneminder / zoneminder	1.17.2	1.17.2.x
zoneminder / zoneminder	1.21.4	1.21.4.x
zoneminder / zoneminder	0.9.12	0.9.12.x
zoneminder / zoneminder	1.22.1	1.22.1.x
zoneminder / zoneminder	1.19.0	1.19.0.x
zoneminder / zoneminder	0.9.7	0.9.7.x
zoneminder / zoneminder	1.17.0	1.17.0.x
zoneminder / zoneminder	1.20.0	1.20.0.x
zoneminder / zoneminder	1.19.2	1.19.2.x
zoneminder / zoneminder	0.9.15	0.9.15.x

Vulnerability Database

290,206

CVE-2008-3882