CVE-2023-25313: OS Command Injection
First published: Thu Feb 02 2023(Updated: )
Impact: An attacker could execute remote code on a system running wwbn/avideo Step to Reproduce: 1. Go to the `My Videos` tab https://demo.avideo.com/mvideos 2. Click "Embed a video link" Append a command to the url as a query string. eg. `?whoami` then click Save This issue has been resolved in commit `236228f15`
Credit: cve@mitre.org cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| WWBN AVideo | <12.4 | |
| composer/wwbn/avideo | <12.4 | 12.4 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- collector/nvd-index
- collector/nvd-cve
- collector/github-advisory-latest
- alias/GHSA-pgvh-p3g4-86jw
- alias/CVE-2023-25313
- collector/github-advisory
- agent/event
- agent/weakness
- agent/author
- agent/severity
- agent/references
- agent/type
- agent/description
- agent/last-modified-date
- agent/softwarecombine
- agent/first-publish-date
- agent/tags
- collector/mitre-cve
- source/MITRE
- vendor/wwbn
- canonical/wwbn avideo
- package-manager/composer