2 matches found
CVE-2022-30547
A directory traversal vulnerability exists in the unzipDirectory functionality of WWBN AVideo 11.6 and dev master commit 3f7c0364. A specially-crafted HTTP request can lead to arbitrary command execution. An attacker can send an HTTP request to trigger this vulnerability...
CVE-2022-30547
CVE-2022-30547 affects WWBN AVideo 11.6 and dev master commit 3f7c0364. The unzipDirectory function unzips uploaded ZIPs without validating path traversal, allowing arbitrary code execution via crafted archives (e.g., files placed as ../shell.php). Talos confirms vulnerability in aVideoEncoder.un...