CVE-2023-31861

7.5 HIGH

📋 TL;DR

CVE-2023-31861 is a directory traversal vulnerability in ZLMediaKit 4.0 that allows attackers to read arbitrary files outside the intended directory. This affects all systems running ZLMediaKit 4.0 with default configurations. Attackers can exploit this to access sensitive system files.

💻 Affected Systems

Products:
  • ZLMediaKit
Versions: Version 4.0
Operating Systems: Linux, Windows, macOS
Default Config Vulnerable: ⚠️ Yes
Notes: All installations of ZLMediaKit 4.0 are vulnerable regardless of configuration.

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete system compromise through reading sensitive files like /etc/passwd, SSH keys, or configuration files containing credentials.

🟠 Likely Case

Unauthorized access to sensitive application files, configuration data, or user information stored on the server.

🟢 If Mitigated

Limited impact with proper file permissions and network segmentation preventing access to critical system files.

🌐 Internet-Facing: HIGH - Directory traversal vulnerabilities are easily exploitable and internet-facing media servers are common targets.
🏢 Internal Only: MEDIUM - Internal attackers could still access sensitive files, but this requires network access to the server.

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Public proof-of-concept code exists showing simple HTTP requests with directory traversal sequences.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Versions after 4.0 (check latest release)

Vendor Advisory: https://github.com/ZLMediaKit/ZLMediaKit/security/advisories

Restart Required: Yes

Instructions:

1. Back up the current configuration.
2. Update to the latest ZLMediaKit version.
3. Restart the ZLMediaKit service.
4. Verify the fix with test requests.

🔧 Temporary Workarounds

Input Validation Filter (applies to: all)

Add input validation to filter directory traversal sequences in request paths

# Configure web server to reject requests with ../ sequences
# Add input validation in application code

File Permission Restriction (applies to: linux)

Run ZLMediaKit with minimal file system permissions

# Run as non-root user
sudo chown -R zlmediakit:zlmediakit /path/to/media
sudo chmod 750 /path/to/media

🧯 If You Can't Patch

  • Implement WAF rules to block directory traversal patterns
  • Isolate ZLMediaKit server in restricted network segment

🔍 How to Verify

Check if Vulnerable:

Test with an HTTP request containing a directory traversal sequence, for example GET /../../etc/passwd

Check Version:

Run zlmediakit --version, or check the version in the web interface

Verify Fix Applied:

Attempt the same traversal requests and verify they return 403/404 errors instead of file contents

📡 Detection & Monitoring

Log Indicators:

  • HTTP requests containing ../ sequences
  • Access to unexpected file paths
  • 403/404 errors for traversal attempts

Network Indicators:

  • HTTP requests with multiple ../ sequences in URL
  • Unusual file access patterns

SIEM Query:

source="zlmediakit" AND (url="*../*" OR status=403)
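As an added example (not from this advisory or the ZLMediaKit project), a Python check that serves both the "Input Validation Filter" workaround and the log indicators above: it percent-decodes request paths before looking for a parent-directory segment, so encoded variants that a literal `*../*` match would miss are still caught, and it resolves request paths against a media root without letting them escape. The log format and the /srv/media root are assumptions.

```python
import posixpath
import re
from urllib.parse import unquote

# Constructed sample access-log lines (not real ZLMediaKit output); a
# common-log style layout with the quoted request line is assumed.
SAMPLE_LOG = """\
10.0.0.5 - - [01/Jan/2024:10:00:00 +0000] "GET /live/stream.m3u8 HTTP/1.1" 200 512
10.0.0.7 - - [01/Jan/2024:10:00:01 +0000] "GET /../../etc/passwd HTTP/1.1" 403 0
10.0.0.7 - - [01/Jan/2024:10:00:02 +0000] "GET /%2e%2e/%2e%2e/etc/passwd HTTP/1.1" 200 1024
10.0.0.7 - - [01/Jan/2024:10:00:03 +0000] "GET /%252e%252e/etc/shadow HTTP/1.1" 200 900
10.0.0.9 - - [01/Jan/2024:10:00:04 +0000] "GET /record/2024/clip.mp4 HTTP/1.1" 200 4096
"""

LOG_RE = re.compile(r'^(?P<ip>\S+) .*?"(?P<method>[A-Z]+) (?P<path>\S+) HTTP/[\d.]+" (?P<status>\d{3})')

def fully_decode(raw_path, rounds=3):
    """Percent-decode until the value stops changing (bounded), so that
    double-encoded sequences such as %252e%252e are unwrapped too."""
    path = raw_path.split("?", 1)[0]  # ignore the query string
    for _ in range(rounds):
        decoded = unquote(path)
        if decoded == path:
            break
        path = decoded
    return path

def is_traversal(raw_path):
    """True if any decoded path segment is exactly '..' (either slash style)."""
    return ".." in re.split(r"[\\/]", fully_decode(raw_path))

def safe_resolve(root, raw_path):
    """Map a request path to a file under root, or None if it would escape."""
    if is_traversal(raw_path):
        return None
    rel = posixpath.normpath(fully_decode(raw_path)).lstrip("/")
    full = posixpath.normpath(posixpath.join(root, rel))
    # Second, independent check: the joined path must still sit inside root.
    return full if full == root or full.startswith(root.rstrip("/") + "/") else None

def scan_log(text):
    """Return (ip, raw_path, status) for every request carrying a traversal sequence."""
    hits = []
    for line in text.splitlines():
        m = LOG_RE.match(line)
        if m and is_traversal(m.group("path")):
            hits.append((m.group("ip"), m.group("path"), int(m.group("status"))))
    return hits

if __name__ == "__main__":
    for ip, path, status in scan_log(SAMPLE_LOG):
        print(f"{ip} {status} {path}")
```

Note that two of the flagged sample requests returned 200, which is exactly the case a query keyed on a literal ../ or on status 403 would not surface.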
