{"id":"CVE-2023-31493","details":"RCE (Remote Code Execution) exists in ZoneMinder through 1.36.33 as an attacker can create a new .php log file in language folder, while executing a crafted payload and escalate privileges allowing execution of any commands on the remote system.","modified":"2026-04-11T12:45:13.418578Z","published":"2024-10-15T15:15:12.393Z","database_specific":{},"references":[{"type":"WEB","url":"http://zoneminder.com"},{"type":"EVIDENCE","url":"https://medium.com/%40dk50u1/rce-remote-code-execution-in-zoneminder-up-to-1-36-33-0686f5bcd370"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/zoneminder/zoneminder","events":[{"introduced":"0"},{"last_affected":"034ed3e21bad3050373300ab35083c86eda8d690"}],"database_specific":{"source":"CPE_FIELD","extracted_events":[{"introduced":"0"},{"last_affected":"1.36.33"}],"cpe":"cpe:2.3:a:zoneminder:zoneminder:*:*:*:*:*:*:*:*"}}],"versions":["1.32.3","1.34.0","1.36.0","1.36.1","1.36.14","1.36.17","1.36.18","1.36.2","1.36.20","1.36.21","1.36.22","1.36.23","1.36.24","1.36.25","1.36.26","1.36.3","1.36.32","1.36.33","1.36.4","list","v1.25","v1.26.0","v1.26.1","v1.26.2","v1.26.3"],"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2023-31493.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:L"}]}