CVE-2008-1381
zoneminder - arbitrary code execution
EPSS 1.5%
Description
ZoneMinder before 1.23.3 allows remote authenticated users, and possibly unauthenticated attackers in some installations, to execute arbitrary commands via shell metacharacters in a crafted URL.
How to fix CVE-2008-1381
To remediate CVE-2008-1381, upgrade the affected package to a fixed version below.
- Debian/zoneminder—upgrade to 1.23.3-1 or later
- Debian/zoneminder—upgrade to 1.23.2-2+lenny1 or later
Is CVE-2008-1381 being exploited?
Low — EPSS is 1.5%, meaning exploitation activity has not been observed at scale.
Affected packages (2)
- from 0, < 1.23.3-1
- from 0, < 1.23.2-2+lenny1