prabhatverma47/motionEye-RCE-through-config-parameter

Releases0

Stars2

PoC steps for this vulnerability

CVE History

CVE	Published	CVSS v3	CVSS v2
CVE-2025-60787 ↗	Oct 3, 2025Friday, 3 October 2025, 16:16	7.2 HIGH	—
MotionEye v0.43.1b4 and before is vulnerable to OS Command Injection in configuration parameters such as image_file_name. Unsanitized user input is written to Motion configuration files, allowing remote authenticated attackers with admin access to achieve code execution when Motion is restarted.