scriptkittens
Tag

#vulnerability-research

2 posts tagged "vulnerability-research".

Two Sinks, One Shell: OS Command Injection in ZoneMinder

ZoneMinder's event export concatenates monitor names directly into shell commands. One unsanitized source, two exec() sinks, and a payload that someone else can trigger for you.

investigato
2 min read
vulnerability-research php command-injection zoneminder rce

I Found a File Read Nobody Was Looking For

A path traversal in Camaleon CMS that only triggers under a weird combination of Rails 8, the Solid trio, and an S3 backend. Found by accident. Reproduced through stubbornness.

investigato
2 min read
cve ruby path-traversal camaleon-cms vulnerability-research