First published: Mon Feb 18 2019(Updated: )
daemonControl in includes/functions.php in ZoneMinder before 1.32.3 allows command injection via shell metacharacters.
Credit: cve@mitre.org cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
Zoneminder Zoneminder | <1.32.3 | |
<1.32.3 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
The vulnerability ID for this vulnerability is CVE-2019-8427.
The severity level of CVE-2019-8427 is critical (9.8).
The affected software for CVE-2019-8427 is ZoneMinder before version 1.32.3.
CVE-2019-8427 allows command injection via shell metacharacters in the daemonControl function of includes/functions.php.
Yes, the fix for CVE-2019-8427 is to upgrade ZoneMinder to version 1.32.3 or newer.