cbcvebase.
CVE-2022-33149
published 2022-08-22

CVE-2022-33149: A sql injection vulnerability exists in the ObjectYPT functionality of WWBN AVideo 11.6 and dev master commit 3f7c0364. A specially-crafted HTTP request can…

PriorityP353high8.8CVSS 3.1
AVNACLPRLUINSUCHIHAH
EPSS
1.64%
73.4th percentile
A sql injection vulnerability exists in the ObjectYPT functionality of WWBN AVideo 11.6 and dev master commit 3f7c0364. A specially-crafted HTTP request can lead to a SQL injection. An attacker can send an HTTP request to trigger this vulnerability.This vulnerability exists in the CloneSite plugin, allowing an attacker to inject SQL by manipulating the url parameter.

Affected

2 ranges
VendorProductVersion rangeFixed in
wwbnavideo
wwbnavideo

CVSS provenance

nvdv3.18.8HIGHCVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
nvdv3.08.3HIGHCVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:H
Stop checking back — get the weekly exploitation signal.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.