Lucene search

GoogleOSV:CVE-2023-32073

HistoryMay 12, 2023 - 2:15 p.m.

CVE-2023-32073

2023-05-1214:15:10

Google

osv.dev

cve-2023-32073

command injection

remote code execution

clonesite plugin

bypass

cve-2023-30854

patch

8.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

8.2 High

AI Score

Confidence

High

0.003 Low

EPSS

Percentile

69.3%

JSON

WWBN AVideo is an open source video platform. In versions 12.4 and prior, a command injection vulnerability exists at plugin/CloneSite/cloneClient.json.php which allows Remote Code Execution if you CloneSite Plugin. This is a bypass to the fix for CVE-2023-30854, which affects WWBN AVideo up to version 12.3. This issue is patched in commit 1df4af01f80d56ff2c4c43b89d0bac151e7fb6e3.

CPENameOperatorVersion
avideoeq11.6
avideoeq10.8
avideoeq2.7
avideoeq8.5
avideoeq3.4
avideoeq2.4
avideoeq7.3
avideoeq2.2
avideoeq8.9.1
avideoeq11.5

Name	Operator	Version
avideo	eq	11.6
avideo	eq	10.8
avideo	eq	2.7
avideo	eq	8.5
avideo	eq	3.4
avideo	eq	2.4
avideo	eq	7.3
avideo	eq	2.2
avideo	eq	8.9.1
avideo	eq	11.5

Rows per page:

1-10 of 311

References

github.com/WWBN/AVideo/commit/1df4af01f80d56ff2c4c43b89d0bac151e7fb6e3

github.com/WWBN/AVideo/security/advisories/GHSA-2mhh-27v7-3vcx

8.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

8.2 High

AI Score

Confidence

High

0.003 Low

EPSS

Percentile

69.3%

JSON

Related for OSV:CVE-2023-32073