CVE-2008-3882

Description

Unspecified "Command Injection" vulnerability in ZoneMinder 1.23.3 and earlier allows remote attackers to execute arbitrary commands via (1) the executeFilter function in zm_html_view_events.php and (2) the run_state parameter to zm_html_view_state.php.

How to fix CVE-2008-3882

To remediate CVE-2008-3882, upgrade the affected package to a fixed version below.

• Debian/zoneminder—upgrade to 1.24.1-1 or later

Is CVE-2008-3882 being exploited?

Low — EPSS is 3.5%, meaning exploitation activity has not been observed at scale.

Affected packages (1)

• from 0, < 1.24.1-1

References (1)

• ADVISORYsecurity-tracker.debian.org/tracker/CVE-2008-3882