Local File Inclusion: In `web/ajax/modal.php`

Moderate

connortechnology published GHSA-wrx3-r8c4-r24w

Feb 24, 2023

Package

zoneminder

Affected versions

< 1.36.33, < 1.37.33

Patched versions

1.36.33, 1.37.33

Description

Impact

In web/ajax/modal.php, an arbitrary php file path can be passed in the request and loaded:

$modal = validJsStr($_REQUEST['modal']);
@$result = include('modals/'.$modal.'.php');

Patches

Fixed by 6e417c2
Upgrade to 1.36.33 or 1.37.33.

Workarounds

Apply patch manually

Credits

Manfred Paul

Severity

Moderate

5.4

/ 10

CVSS base metrics

Attack vector

Network

Attack complexity

Low

Privileges required

Low

User interaction

None

Scope

Unchanged

Confidentiality

Low

Integrity

Low

Availability

None

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N