CVE-2022-29806
- Source
- https://cve.org/CVERecord?id=CVE-2022-29806
- Import Source
- https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2022-29806.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/CVE-2022-29806
- Downstream
- Published
- 2022-04-26T03:15:08Z
- Modified
- 2026-05-01T04:11:59.327327Z
- Summary
- [none]
- Details
-
ZoneMinder before 1.36.13 allows remote code execution via an invalid language. Ability to create a debug log file at an arbitrary pathname contributes to exploitability.
- Database specific
{ "cna_assigner": "mitre", "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2022/29xxx/CVE-2022-29806.json" }- References
-
- http://packetstormsecurity.com/files/166980/ZoneMinder-Language-Settings-Remote-Code-Execution.html
- https://forums.zoneminder.com/viewtopic.php?t=31638
- https://github.com/ZoneMinder/zoneminder/releases/tag/1.36.13
- https://krastanoel.com/cve/2022-29806
- https://github.com/CVEProject/cvelistV5/tree/main/cves/2022/29xxx/CVE-2022-29806.json
- https://nvd.nist.gov/vuln/detail/CVE-2022-29806
- https://github.com/ZoneMinder/zoneminder/commit/9fee64b62fbdff5bf5ece1d617f1f53c7b1967cb
Affected packages
Git / github.com/zoneminder/zoneminder
Affected ranges
- Type
- GIT
- Repo
- https://github.com/zoneminder/zoneminder
- Events
-
Introduced0 Unknown introduced commit / All previous commits are affectedFixed