The Fedora security team passed the following URL on to me, which describes an arbitrary command execution vulnerability. Unfortunately this is in the PHP portion of ZM and PHP is not a language I'm particularly good at, so I don't feel up to having a go at fixing it. I haven't been able to find any discussion here about this; they indicated that the ZM folks have been notified but I guess they used the contact form which wouldn't be public.
The exploit requires that you be authenticated first so it's not a huge emergency, but if you provide zoneminder logins to someone you wouldn't trust with root on the underlying server then do be careful.
Users browsing this forum: No registered users and 5 guests
You cannot post new topics in this forum You cannot reply to topics in this forum You cannot edit your posts in this forum You cannot delete your posts in this forum You cannot post attachments in this forum