module
ZoneMinder Language Settings Remote Code Execution
| Disclosed |
|---|
| Apr 27, 2022 |
Disclosed
Apr 27, 2022
Description
This module exploits arbitrary file write in debug log file option
chained with a path traversal in language settings that leads to a
remote code execution in ZoneMinder surveillance software versions
before 1.36.13 and before 1.37.11
chained with a path traversal in language settings that leads to a
remote code execution in ZoneMinder surveillance software versions
before 1.36.13 and before 1.37.11
Rapid7 Labs
2026 Global Threat Landscape Report
The predictive window has collapsed. Exploitation follows disclosure in days. See how attackers are accelerating and how to stay ahead.