Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
A file disclosure and inclusion vulnerability exists in web/views/file.php in ZoneMinder 1.x through v1.30.0 because of unfiltered user-input being passed to readfile(), which allows an authenticated attacker to read local system files (e.g., /etc/passwd) in the context of the web server user (www-data). The attack vector is a .. (dot dot) in the path parameter within a zm/index.php?view=file&path= request.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
ZoneMinder 输入验证漏洞
Vulnerability Description
ZoneMinder是一套开源的视频监控软件系统。该系统支持IP、USB和模拟摄像机等。 ZoneMinder 1.x版本至1.30.0版本中的web/views/file.php文件存在文件包含漏洞,该漏洞源于程序没有过滤传递到‘readfile()’函数的用户输入。攻击者可借助特制的参数利用该漏洞读取本地文件。
CVSS Information
N/A
Vulnerability Type
N/A