CVE-2023-49738

An information disclosure vulnerability exists in the image404Raw.php functionality of WWBN AVideo dev master commit 15fed957fb. A specially crafted HTTP request can lead to arbitrary file read.
Configurations

Configuration 1 (hide)

cpe:2.3:a:wwbn:avideo:15fed957fb:*:*:*:*:*:*:*

History

21 Nov 2024, 08:33

Type Values Removed Values Added
References () https://talosintelligence.com/vulnerability_reports/TALOS-2023-1881 - Exploit, Third Party Advisory () https://talosintelligence.com/vulnerability_reports/TALOS-2023-1881 - Exploit, Third Party Advisory

17 Jan 2024, 15:08

Type Values Removed Values Added
CPE cpe:2.3:a:wwbn:avideo:15fed957fb:*:*:*:*:*:*:*
References () https://talosintelligence.com/vulnerability_reports/TALOS-2023-1881 - () https://talosintelligence.com/vulnerability_reports/TALOS-2023-1881 - Exploit, Third Party Advisory
Summary
  • (es) Existe una vulnerabilidad de divulgación de información en la funcionalidad image404Raw.php de la confirmación maestra de desarrollo de WWBN AVideo 15fed957fb. Una solicitud HTTP especialmente manipulada puede provocar la lectura de archivos arbitrarios.
First Time Wwbn avideo
Wwbn
CWE NVD-CWE-noinfo

10 Jan 2024, 18:15

Type Values Removed Values Added
References
  • {'url': 'https://www.talosintelligence.com/vulnerability_reports/TALOS-2023-1881', 'source': 'talos-cna@cisco.com'}

10 Jan 2024, 16:15

Type Values Removed Values Added
New CVE

Information

Published : 2024-01-10 16:15

Updated : 2024-11-21 08:33


NVD link : CVE-2023-49738

Mitre link : CVE-2023-49738

CVE.ORG link : CVE-2023-49738


JSON object : View

Products Affected

wwbn

  • avideo
CWE
CWE-73

External Control of File Name or Path

NVD-CWE-noinfo