CVE-2008-3882 zoneminder

Metadata

critical
10.0
zoneminder
CVE-2008-3882
2017-08-30 05:03
CVE-2008-3882
2017-06-16 18:50
2017-04-01 19:11
2017-02-16 17:03
2017-01-05 20:15

Description

Unspecified "Command Injection" vulnerability in ZoneMinder 1.23.3 and earlier allows remote attackers to execute arbitrary commands via (1) the executeFilter function in zm_html_view_events.php and (2) the run_state parameter to zm_html_view_state.php.

Am I vulnerable?

The constraints below list the versions that this vulnerability is patched in, and versions that are unaffected. If a patch is ready but unrealeased, then it is pending.

Or, you can just let us figure it out for you! Appcanary continously monitor your installed packages, and tell you if any of them are vulnerable.

Sign up for monitoring

Affected package information

Release Package Patched in
buster zoneminder 1.24.1-1
sid zoneminder 1.24.1-1
wheezy zoneminder 1.24.1-1