CVE-2013-0332

Description

Multiple directory traversal vulnerabilities in ZoneMinder 1.24.x before 1.24.4 allow remote attackers to read arbitrary files via a .. (dot dot) in the (1) view, (2) request, or (3) action parameter.

How to fix CVE-2013-0332

To remediate CVE-2013-0332, upgrade the affected package to a fixed version below.

• Debian/zoneminder—upgrade to 1.25.0-1 or later

Is CVE-2013-0332 being exploited?

Moderate — EPSS is 25.7%. Track this CVE but it's not at the top of the prioritisation list.

Affected packages (1)

• from 0, < 1.25.0-1

References (1)

• ADVISORYsecurity-tracker.debian.org/tracker/CVE-2013-0332