GitHub Advisory Database: GHSA-PGVH-P3G4-86JW
Feb 02, 2023 - 1:32 a.m.

AVideo contains Command injection when embedding a video link

2023-02-02 01:32:42
CWE-79
GitHub Advisory Database
github.com
avideo
command injection
video link embedding
remote code execution
my videos tab
embed
query string
security issue
commit 236228f15
software

CVSS3: 9.8 High

Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS: 0.004 Low
Percentile: 73.1%

Impact:

An attacker could execute remote code on a system running wwbn/avideo.

Steps to Reproduce:

  1. Go to the My Videos tab: https://demo.avideo.com/mvideos

  2. Click “Embed a video link”

  3. Append a command to the URL as a query string, e.g. ?whoami

  4. Click Save

This issue has been resolved in commit 236228f15.

Affected configurations

Vulners
Node: wwbn avideo, Range: <12.4
CPE: Name: wwbn/avideo, Operator: lt, Version: 12.4
