CVE-2023-47171: External Control of File Name or Path in AVideo

Severity: 6.5 MEDIUM (NVD)
EPSS: 0.3% (top 45.90%)
CISA KEV: Not in KEV
Exploit: No known exploits
Affected products
Timeline
Published: Jan 10
Latest update: Jan 17

Description

An information disclosure vulnerability exists in the aVideoEncoder.json.php chunkFile path functionality of WWBN AVideo 11.6 and dev master commit 15fed957fb. A specially crafted HTTP request can lead to arbitrary file read.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Exploitability: 2.8 | Impact: 3.6

Affected Packages (2 packages)

CVEListV5: wwbn/avideo, dev master commit 15fed957fb
NVD: wwbn/avideo, 11.6, 15fed957fb +1

🔴 Vulnerability Details (1)

GHSA: GHSA-wfjj-3hq8-qwp2: An information disclosure vulnerability exists in the aVideoEncoder (2024-01-10)

🕵️ Threat Intelligence

Talos: Critical vulnerability in ManageEngine could lead to file creation, dozens of other vulnerabilities disclosed by Talos to start 2024 (2024-01-17)