Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Command injection is an attack which uses overly trusting user-controlled input, when performing operating system commands from within the application. This allows an attacker to perform unauthorised operating system commands on the target server.
zoneminder/web/skins/classic/views/monitor.php
Line 176 in 18850d8
https://www.owasp.org/index.php/OS_Command_Injection_Defense_Cheat_Sheet
The text was updated successfully, but these errors were encountered:
use json_encode/decode instead of serialize/unserialize to pass onvif…
2024df4
… probe results around. Also clean up some code/ add some missing things. Fixes ZoneMinder#2271 and ZoneMinder#2272
No branches or pull requests
The Issue
Command injection is an attack which uses overly trusting user-controlled input, when performing operating system commands from within the application. This allows an attacker to perform unauthorised operating system commands on the target server.
Where the Issue Occurred
zoneminder/web/skins/classic/views/monitor.php
Line 176 in 18850d8
Remediation
https://www.owasp.org/index.php/OS_Command_Injection_Defense_Cheat_Sheet
The text was updated successfully, but these errors were encountered: