includes/functions.php in ZoneMinder Video Server 1.24.0, 1.25.0, and earlier allows remote attackers to execute arbitrary commands via shell metacharacters in the (1) runState parameter in the packageControl function; or (2) key or (3) command parameter in the setDeviceStatusX10 function.
References
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: redhat
Published: 2013-03-20T15:00:00Z
Updated: 2013-03-20T15:00:00Z
Reserved: 2012-12-06T00:00:00Z
Link: CVE-2013-0232
JSON object: View
NVD Information
Status : Modified
Published: 2013-03-20T15:55:00.910
Modified: 2013-08-29T06:46:18.417
Link: CVE-2013-0232
JSON object: View
Redhat Information
No data.
CWE