CVE-2022-33148SQL Injection in Avideo

CWE-89SQL Injection2 documents2 sources
Severity
8.8HIGHNVD
EPSS
2.5%
top 14.66%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Wwbn Avideo
Timeline
PublishedAug 22
Latest updateAug 23

Description

A sql injection vulnerability exists in the ObjectYPT functionality of WWBN AVideo 11.6 and dev master commit 3f7c0364. A specially-crafted HTTP request can lead to a SQL injection. An attacker can send an HTTP request to trigger this vulnerability.This vulnerability exists in the Live Schedules plugin, allowing an attacker to inject SQL by manipulating the title parameter.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9

Affected Packages2 packages

CVEListV5wwbn/avideodev master commit 3f7c0364
NVDwwbn/avideo11.6

🔴Vulnerability Details

1
GHSA
GHSA-59vh-4c96-3j7c: A sql injection vulnerability exists in the ObjectYPT functionality of WWBN AVideo 112022-08-23