Описание
AVideo versions prior to 20.1 allow any authenticated user to upload files into directories belonging to other users due to an insecure direct object reference. The upload functionality verifies authentication but does not enforce ownership checks.
Уязвимые конфигурации
Конфигурация 1Версия до 20.0 (исключая)
cpe:2.3:a:wwbn:avideo:*:*:*:*:*:*:*:*
EPSS
Процентиль: 31%
0.00117
Низкий
8.8 High
CVSS3
Дефекты
CWE-639
Связанные уязвимости
CVSS3: 8.8
github
около 2 месяцев назад
AVideo versions prior to 20.0 allow any authenticated user to upload files into directories belonging to other users due to an insecure direct object reference. The upload functionality verifies authentication but does not enforce ownership checks.
EPSS
Процентиль: 31%
0.00117
Низкий
8.8 High
CVSS3
Дефекты
CWE-639