CVE-2023-49715

A unrestricted php file upload vulnerability exists in the import.json.php temporary copy functionality of WWBN AVideo dev master commit 15fed957fb. A specially crafted HTTP request can lead to arbitrary code execution when chained with an LFI vulnerability. An attacker can send a series of HTTP requests to trigger this vulnerability.
Configurations

Configuration 1 (hide)

cpe:2.3:a:wwbn:avideo:15fed957fb:*:*:*:*:*:*:*

History

21 Nov 2024, 08:33

Type Values Removed Values Added
References () https://talosintelligence.com/vulnerability_reports/TALOS-2023-1885 - Exploit, Third Party Advisory () https://talosintelligence.com/vulnerability_reports/TALOS-2023-1885 - Exploit, Third Party Advisory
CVSS v2 : unknown
v3 : 8.8
v2 : unknown
v3 : 4.3

17 Jan 2024, 15:14

Type Values Removed Values Added
CPE cpe:2.3:a:wwbn:avideo:15fed957fb:*:*:*:*:*:*:*
References () https://talosintelligence.com/vulnerability_reports/TALOS-2023-1885 - () https://talosintelligence.com/vulnerability_reports/TALOS-2023-1885 - Exploit, Third Party Advisory
Summary
  • (es) Existe una vulnerabilidad de carga de archivos php sin restricciones en la funcionalidad de copia temporal import.json.php de la confirmación maestra de desarrollo de WWBN AVideo 15fed957fb. Una solicitud HTTP especialmente manipulada puede provocar la ejecución de código arbitrario cuando se encadena con una vulnerabilidad LFI. Un atacante puede enviar una serie de solicitudes HTTP para desencadenar esta vulnerabilidad.
CVSS v2 : unknown
v3 : 4.3
v2 : unknown
v3 : 8.8
First Time Wwbn avideo
Wwbn

10 Jan 2024, 18:15

Type Values Removed Values Added
References
  • {'url': 'https://www.talosintelligence.com/vulnerability_reports/TALOS-2023-1885', 'source': 'talos-cna@cisco.com'}

10 Jan 2024, 16:15

Type Values Removed Values Added
New CVE

Information

Published : 2024-01-10 16:15

Updated : 2024-11-21 08:33


NVD link : CVE-2023-49715

Mitre link : CVE-2023-49715

CVE.ORG link : CVE-2023-49715


JSON object : View

Products Affected

wwbn

  • avideo
CWE
CWE-434

Unrestricted Upload of File with Dangerous Type