CVE-2023-32073 HIGH

CVE-2023-32073: AVideo command injection vulnerability

Vendor Wwbn

Product AVideo

Weakness CWE-77

Published May 12, 2023

Last update January 23, 2025

View on NVD All CVEs

CVSS base score

8.8/10

Attack vector Network

Attack complexity Low

Privileges required Low

User interaction None

Confidentiality High

Integrity High

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

What the vulnerability does

01Description

WWBN AVideo is an open source video platform. In versions 12.4 and prior, a command injection vulnerability exists at `plugin/CloneSite/cloneClient.json.php` which allows Remote Code Execution if you CloneSite Plugin. This is a bypass to the fix for CVE-2023-30854, which affects WWBN AVideo up to version 12.3. This issue is patched in commit 1df4af01f80d56ff2c4c43b89d0bac151e7fb6e3.

Key dates

02Disclosure timeline

May 12, 2023 CVE published

January 23, 2025 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2023-32073 CWE — Common Weakness Enumeration https://cwe.mitre.org/data/definitions/77.html

Related vulnerabilities

CVE-2023-32073: AVideo command injection vulnerability

01Description

02Disclosure timeline

03References

04Related CVE