Lucene search
Veracode Vulnerability DatabaseVERACODE:39602HistoryMar 09, 2023 - 9:24 a.m.
Authentication Bypass
2023-03-0909:24:25
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
14
zoneminder
authentication bypass
vulnerability
improper permissions check
shell exec
malicious code
0.967 High
EPSS
Percentile
99.7%
zoneminder is vulnerable to Authentication Bypass. The vulnerability exists due to the improper permissions check on the snapshot action, which trigger ends up calling shell_exec using the supplied Id, allowing an attacker to bypass the authorization mechanism by injecting and executing malicious code.
Related
alpinelinux
alpinelinux
CVE-2023-26035
2023-02-25 02:15:13
rapid7blog
rapid7blog
Metasploit Weekly Wrap-Up
2023-11-17 18:41:17
nuclei
nuclei
ZoneMinder Snapshots - Command Injection
2023-12-19 16:43:11
cve
cve
CVE-2023-26035
2023-02-25 02:15:13
prion
prion
Remote code execution
2023-02-25 02:15:00
zdt
zdt
ZoneMinder Snapshots Command Injection Exploit
2023-11-14 00:00:00
packetstorm
packetstorm
ZoneMinder Snapshots Command Injection
2023-11-14 00:00:00
ZoneMinder Snapshots Remote Code Execution
2024-03-19 00:00:00
ubuntucve
ubuntucve
CVE-2023-26035
2023-02-25 00:00:00
githubexploit
githubexploit
Exploit for Missing Authorization in Zoneminder
2023-12-11 19:23:13
Exploit for Missing Authorization in Zoneminder
2023-12-24 13:37:39
Exploit for Missing Authorization in Zoneminder
2023-12-13 15:40:24
debiancve
debiancve
CVE-2023-26035
2023-02-25 02:15:13
cvelist
cvelist
CVE-2023-26035 ZoneMinder vulnerable to Missing Authorization
2023-02-25 01:07:01
osv
osv
CVE-2023-26035
2023-02-25 02:15:13
nvd
nvd
CVE-2023-26035
2023-02-25 02:15:13
exploitdb
exploitdb
ZoneMinder Snapshots < 1.37.33 - Unauthenticated RCE
2024-03-18 00:00:00
openvas
openvas
ZoneMinder < 1.36.33, 1.37.x < 1.37.33 Multiple Vulnerabilities
2023-02-27 00:00:00