exploitDog

CVE-2023-49862

Опубликовано: 10 янв. 2024

Источник: nvd

CVSS3: 6.5

EPSS Низкий

Описание

An information disclosure vulnerability exists in the aVideoEncoderReceiveImage.json.php image upload functionality of WWBN AVideo dev master commit 15fed957fb. A specially crafted HTTP request can lead to arbitrary file read.This vulnerability is triggered by the downloadURL_gifimage parameter.

Ссылки

https://talosintelligence.com/vulnerability_reports/TALOS-2023-1880
Exploit
Third Party Advisory
https://talosintelligence.com/vulnerability_reports/TALOS-2023-1880
Exploit
Third Party Advisory
https://www.talosintelligence.com/vulnerability_reports/TALOS-2023-1880

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:wwbn:avideo:-:*:*:*:*:*:*:*

EPSS

Процентиль: 55%

0.00325

Низкий

6.5 Medium

CVSS3

Дефекты

CWE-73

CWE-610

Связанные уязвимости

GHSA-8vcc-cghx-67pj

CVSS3: 6.5

github

около 2 лет назад

An information disclosure vulnerability exists in the aVideoEncoderReceiveImage.json.php image upload functionality of WWBN AVideo dev master commit 15fed957fb. A specially crafted HTTP request can lead to arbitrary file read.This vulnerability is triggered by the `downloadURL_gifimage` parameter.

EPSS

Процентиль: 55%

0.00325

Низкий

6.5 Medium

CVSS3

Дефекты

CWE-73

CWE-610