Motioneye Project: >> Motioneye >> 0.42.1 Security Vulnerabilities
MotionEye v0.43.1b4 and before is vulnerable to OS Command Injection in configuration parameters such as image_file_name. Unsanitized user input is written to Motion configuration files, allowing remote authenticated attackers with admin access to achieve code execution when Motion is restarted.
CVSS Score
7.2
EPSS Score
0.32
Published
2025-10-03
MotionEye v0.42.1 and below allows attackers to access sensitive information via a GET request to /config/list. To exploit this vulnerability, a regular user password must be unconfigured.
CVSS Score
7.5
EPSS Score
0.898
Published
2022-03-24