MotionEye v0.43.1b4 and earlier is vulnerable to OS command injection through configuration parameters such as image_file_name. Unsanitized user input is written to Motion configuration files, allowing remote authenticated attackers with admin access to achieve code execution when Motion is restarted.

| Package (Ecosystem) | Introduced | Fixed | Limit |
|---|---|---|---|
| motioneye (PyPI) | 0 | 0.43.1b5 | N/A |
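
One way to close the gap the description above names, as an added example (not motionEye's own code or its actual fix): check a value such as image_file_name against a strict allowlist before it is written to a Motion configuration file. The function names, the allowed character set, the path rule and the sample inputs are assumptions made for illustration.

```python
import re

# Assumption: a file-name pattern needs only letters, digits, %-conversion
# specifiers and a few separators. Newlines, spaces, quotes and shell
# metacharacters fall outside the set and are refused.
SAFE_VALUE = re.compile(r"[A-Za-z0-9%_./-]{1,255}")
SAFE_KEY = re.compile(r"[a-z][a-z0-9_]{0,63}")


class UnsafeConfigValue(ValueError):
    """Raised instead of writing a questionable value to disk."""


def validate_file_name_pattern(value):
    """Return value unchanged if it is safe to store, else raise."""
    if not isinstance(value, str):
        raise UnsafeConfigValue("value must be a string")
    # fullmatch (not match with '$') so a trailing newline cannot slip through.
    if not SAFE_VALUE.fullmatch(value):
        raise UnsafeConfigValue("disallowed character or length")
    if value.startswith("/") or ".." in value.split("/"):
        raise UnsafeConfigValue("path must stay inside the target directory")
    return value


def render_config_line(key, value):
    """Build one 'key value' line; both halves are checked first."""
    if not SAFE_KEY.fullmatch(key):
        raise UnsafeConfigValue("invalid option name")
    return f"{key} {validate_file_name_pattern(value)}\n"


def is_safe(value):
    """Boolean wrapper around validate_file_name_pattern."""
    try:
        validate_file_name_pattern(value)
        return True
    except UnsafeConfigValue:
        return False


if __name__ == "__main__":
    # Constructed sample inputs, not taken from the advisory.
    for sample in ["%Y-%m-%d/%H-%M-%S", "snap\nextra", "a;b", "$(x)", "../x"]:
        print(repr(sample), "accepted" if is_safe(sample) else "rejected")
```

Rejecting at write time keeps the stored configuration trustworthy regardless of how the value is consumed after a restart; upgrading to the fixed release listed in the table remains the actual remediation.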
CVSS Metrics