CVE-2023-31493 Information

Description

RCE (Remote Code Execution) exists in ZoneMinder through 1.36.33 as an attacker can create a new .php log file in language folder while executing a crafted payload and escalate privileges allowing execution of any commands on the remote system.

Reference

http://zoneminder.com https://medium.com/%40dk50u1/rce-remote-code-execution-in-zoneminder-up-to-1-36-33-0686f5bcd370