GHSA-2mhh-27v7-3vcx, CVE-2023-32073
packagist/wwbn/avideo
Improper Neutralization of Special Elements used in a Command ('Command Injection')
WWBN AVideo is an open source video platform. In versions 12.4 and prior, a command injection vulnerability exists at plugin/CloneSite/cloneClient.json.php
which allows Remote Code Execution if you CloneSite Plugin. This is a bypass to the fix for CVE-2023-30854, which affects WWBN AVideo up to version 12.3. This issue is patched in commit 1df4af01f80d56ff2c4c43b89d0bac151e7fb6e3.
All versions up to 12.4
Unfortunately, there is no solution available yet.
2023-05-15
source |