CVE-2023-47862 — External Control of File Name or Path in Avideo

CWE-73 — External Control of File Name or Path4 documents3 sources

Severity

9.8CRITICALNVD

EPSS

0.9%

top 24.60%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Wwbn Avideo

Timeline

PublishedJan 10

Latest updateJan 17

Description

A local file inclusion vulnerability exists in the getLanguageFromBrowser functionality of WWBN AVideo dev master commit 15fed957fb. A specially crafted HTTP request can lead to arbitrary code execution. An attacker can send a series of HTTP requests to trigger this vulnerability.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9

Affected Packages2 packages

▶CVEListV5wwbn/avideodev master commit 15fed957fb

▶NVDwwbn/avideo15fed957fb

🔴Vulnerability Details

GHSA

GHSA-jxch-62jx-98vm: A local file inclusion vulnerability exists in the getLanguageFromBrowser functionality of WWBN AVideo dev master commit 15fed957fb↗2024-01-10

▶

🕵️Threat Intelligence

Talos

Critical vulnerability in ManageEngine could lead to file creation, dozens of other vulnerabilities disclosed by Talos to start 2024↗2024-01-17

▶

Talos

Critical vulnerability in ManageEngine could lead to file creation, dozens of other vulnerabilities disclosed by Talos to start 2024↗2024-01-17

▶