CVE-2023-49715
published 2024-01-10CVE-2023-49715: A unrestricted php file upload vulnerability exists in the import.json.php temporary copy functionality of WWBN AVideo dev master commit 15fed957fb. A…
PriorityP356high8.8CVSS 3.1
AVNACLPRLUINSUCHIHAH
EPSS
1.37%
68.4th percentile
A unrestricted php file upload vulnerability exists in the import.json.php temporary copy functionality of WWBN AVideo dev master commit 15fed957fb. A specially crafted HTTP request can lead to arbitrary code execution when chained with an LFI vulnerability. An attacker can send a series of HTTP requests to trigger this vulnerability.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| wwbn | avideo | — | — |
| wwbn | avideo | — | — |
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
No detection rules found.
No public exploits indexed.
Talos
Critical vulnerability in ManageEngine could lead to file creation, dozens of other vulnerabilities disclosed by Talos to start 2024
blogs_talos·2024-01-17·CVSS 9.1
[CRITICAL] Critical vulnerability in ManageEngine could lead to file creation, dozens of other vulnerabilities disclosed by Talos to start 2024
## Critical vulnerability in ManageEngine could lead to file creation, dozens of other vulnerabilities disclosed by Talos to start 2024
Cisco Talos’ Vulnerability Research team has disclosed dozens of vulnerabilities over the past month, including more than 30 advisories in GTKWave and a critical vulnerability in ManageEngine OpManager.
Cisco ASIG also recently discovered an information disclosure vulnerability in DuoUniversalKeycloakAuthenticator, an authentication solution for Keycloak, an open-source identity and access management solution.
There are also multiple vulnerabilities in AVideo, an open-source video broadcasting suite, that could lead to arbitrary code execution.
All the vulnerabilities mentioned in this blog post have been patched by their respective vendors, all in adh
Talos
Critical vulnerability in ManageEngine could lead to file creation, dozens of other vulnerabilities disclosed by Talos to start 2024
blogs_talos·2024-01-17·CVSS 9.1
[CRITICAL] Critical vulnerability in ManageEngine could lead to file creation, dozens of other vulnerabilities disclosed by Talos to start 2024
Cisco Talos’ Vulnerability Research team has disclosed dozens of vulnerabilities over the past month, including more than 30 advisories in GTKWave and a critical vulnerability in ManageEngine OpManager.
Cisco ASIG also recently discovered an information disclosure vulnerability in DuoUniversalKeycloakAuthenticator, an authentication solution for Keycloak, an open-source identity and access management solution.
There are also multiple vulnerabilities in AVideo, an open-source video broadcasting suite, that could lead to arbitrary code execution.
All the vulnerabilities mentioned in this blog post have been patched by their respective vendors, all in adherence to Cisco’s third-party vulnerability disclosure policy.
For Snort coverage that can detect the exploitation of these vulnerabilit
2024-01-10
Published