exploitDog

CVE-2023-49715

Опубликовано: 10 янв. 2024

Источник: nvd

CVSS3: 4.3

CVSS3: 8.8

EPSS Низкий

Описание

A unrestricted php file upload vulnerability exists in the import.json.php temporary copy functionality of WWBN AVideo dev master commit 15fed957fb. A specially crafted HTTP request can lead to arbitrary code execution when chained with an LFI vulnerability. An attacker can send a series of HTTP requests to trigger this vulnerability.

Ссылки

https://talosintelligence.com/vulnerability_reports/TALOS-2023-1885
Exploit
Third Party Advisory
https://talosintelligence.com/vulnerability_reports/TALOS-2023-1885
Exploit
Third Party Advisory
https://www.talosintelligence.com/vulnerability_reports/TALOS-2023-1885

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:wwbn:avideo:15fed957fb:*:*:*:*:*:*:*

EPSS

Процентиль: 71%

0.00691

Низкий

4.3 Medium

CVSS3

8.8 High

CVSS3

Дефекты

CWE-434

CWE-434

Связанные уязвимости

GHSA-p45m-r94f-7mf2

CVSS3: 4.3

github

около 2 лет назад

A unrestricted php file upload vulnerability exists in the import.json.php temporary copy functionality of WWBN AVideo dev master commit 15fed957fb. A specially crafted HTTP request can lead to arbitrary code execution when chained with an LFI vulnerability. An attacker can send a series of HTTP requests to trigger this vulnerability.

EPSS

Процентиль: 71%

0.00691

Низкий

4.3 Medium

CVSS3

8.8 High

CVSS3

Дефекты

CWE-434

CWE-434