The vulnerability of the submitIndex.php file of the WWBNIndex plugin for the AVideo audio and video file exchange platform allows a hacker to execute arbitrary code.

🗓️ 23 Jul 2024 00:00:00Reported by FSTEC of Russia — Information Security Threat DatabaseType

bdu_fstec

bdu_fstec🔗 bdu.fstec.ru👁 1 Views

WWBNIndex submitIndex.php flaw in AVideo enables code execution via crafted POST systemRootPath input.

Reporter	Title	Published	Views	Family All 17
GithubExploit	Exploit for Code Injection in Wwbn Avideo	9 Jun 202408:48	–	githubexploit
GithubExploit	Exploit for Code Injection in Wwbn Avideo	9 Jun 202408:48	–	githubexploit
GithubExploit	Exploit for Code Injection in Wwbn Avideo	27 Mar 202414:41	–	githubexploit
Circl	CVE-2024-31819	9 Apr 202419:18	–	circl
CNNVD	WWBN AVideo 安全漏洞	10 Apr 202400:00	–	cnnvd
CVE	CVE-2024-31819	10 Apr 202400:00	–	cve
Cvelist	CVE-2024-31819	10 Apr 202400:00	–	cvelist
Github Security Blog	WWBN AVideo Remote Code Execution	10 Apr 202421:30	–	github
Metasploit	AVideo WWBNIndex Plugin Unauthenticated RCE	21 May 202419:56	–	metasploit
NVD	CVE-2024-31819	10 Apr 202420:15	–	nvd

Vulners

Node

world_wide_broadcast_network avideoRange12.4–14.2

Source	Link
chocapikk	www.chocapikk.com/posts/2024/cve-2024-31819/
github	www.github.com/Chocapikk/CVE-2024-31819
github	www.github.com/WWBN/
github	www.github.com/WWBN/AVideo
sploitus	www.sploitus.com/exploit
vuldb	www.vuldb.com/
web	www.web.nvd.nist.gov/view/vuln/detail

23 Jul 2024 00:00Current

6Medium risk

Vulners AI Score6

CVSS 36.3

CVSS 26.5

EPSS0.15635

wwbnindex plugin avideo platform code execution systemRootPath input