CVE-2022-32572 — OS Command Injection in Avideo

CWE-78 — OS Command Injection4 documents3 sources

Severity

8.8HIGHNVD

EPSS

22.9%

top 4.09%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Wwbn Avideo

Timeline

PublishedAug 22

Latest updateAug 23

Description

An os command injection vulnerability exists in the aVideoEncoder wget functionality of WWBN AVideo 11.6 and dev master commit 3f7c0364. A specially-crafted HTTP request can lead to arbitrary command execution. An attacker can send an HTTP request to trigger this vulnerability.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9

Affected Packages2 packages

▶CVEListV5wwbn/avideodev master commit 3f7c0364

▶NVDwwbn/avideo11.6

🔴Vulnerability Details

GHSA

GHSA-g3wj-545m-53g7: An os command injection vulnerability exists in the aVideoEncoder wget functionality of WWBN AVideo 11↗2022-08-23

▶

🕵️Threat Intelligence

Talos

Vulnerability Spotlight: Vulnerabilities in WWBN AVideo web app could lead to command injection, authentication bypass↗2022-08-16

▶

Talos

Vulnerability Spotlight: Vulnerabilities in WWBN AVideo web app could lead to command injection, authentication bypass↗2022-08-16

▶