CVE-2023-26038 | Mend Vulnerability Database

Vulnerability DatabaseCVE-2023-26038

CVE-2023-26038

February 25, 2023

ZoneMinder is a free, open source Closed-circuit television software application for Linux which supports IP, USB and Analog cameras. Versions prior to 1.36.33 and 1.37.33 contain a Local File Inclusion (Untrusted Search Path) vulnerability via web/ajax/modal.php, where an arbitrary php file path can be passed in the request and loaded. This issue is patched in versions 1.36.33 and 1.37.33.

Related Resources (4)

https://github.com/ZoneMinder/zoneminder/security/advisories/GHSA-wrx3-r8c4-r24w

https://nvd.nist.gov/vuln/detail/CVE-2023-26038

https://security-tracker.debian.org/tracker/CVE-2023-26038

https://github.com/CVEProject/cvelistV5/tree/main/cves/2023/26xxx/CVE-2023-26038.json

Do you need more information?

CVSS v4

Base Score:

5.3

Attack Vector

NETWORK

Attack Complexity

LOW

Attack Requirements

NONE

Privileges Required

LOW

User Interaction

NONE

Vulnerable System Confidentiality

LOW

Vulnerable System Integrity

LOW

Vulnerable System Availability

NONE

Subsequent System Confidentiality

NONE

Subsequent System Integrity

NONE

Subsequent System Availability

NONE

CVSS v3

Base Score:

5.4

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

LOW

Integrity

LOW

Availability

NONE

Weakness Type (CWE)

Untrusted Search Path

CWE-426

EPSS

Base Score:

0.24

Products

Solutions

Resources

Company

Compare

Developer Tools