CVE-2023-32073

Improper Neutralization of Special Elements used in a Command ('Command Injection') in packagist/wwbn/avideo

Identifiers

GHSA-2mhh-27v7-3vcx, CVE-2023-32073

Package Slug

packagist/wwbn/avideo

Vulnerability

Improper Neutralization of Special Elements used in a Command ('Command Injection')

Description

WWBN AVideo is an open source video platform. In versions 12.4 and prior, a command injection vulnerability exists at plugin/CloneSite/cloneClient.json.php which allows Remote Code Execution if you CloneSite Plugin. This is a bypass to the fix for CVE-2023-30854, which affects WWBN AVideo up to version 12.3. This issue is patched in commit 1df4af01f80d56ff2c4c43b89d0bac151e7fb6e3.

Affected Versions

All versions up to 12.4

Solution

Unfortunately, there is no solution available yet.

Last Modified

2023-05-15

source