CVE Vulnerabilities

CVE-2023-49864

Externally Controlled Reference to a Resource in Another Sphere

Published: Jan 10, 2024 | Modified: Jan 16, 2024
CVSS 3.x
6.5
MEDIUM
Source:
NVD
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
CVSS 2.x
RedHat/V2
RedHat/V3
Ubuntu

An information disclosure vulnerability exists in the aVideoEncoderReceiveImage.json.php image upload functionality of WWBN AVideo dev master commit 15fed957fb. A specially crafted HTTP request can lead to arbitrary file read.This vulnerability is triggered by the downloadURL_image parameter.

Weakness

The product uses an externally controlled name or reference that resolves to a resource that is outside of the intended control sphere.

Affected Software

Name Vendor Start Version End Version
Avideo Wwbn dev_master_commit_15fed957fb (including) dev_master_commit_15fed957fb (including)

References