2 matches found
CVE-2022-32761
WWBN AVideo 11.6 and the development branch contain an information-disclosure vulnerability in the aVideoEncoderReceiveImage function (commit 3f7c0364). The vulnerability arises when the server-side code uses user-controlled downloadURL_image, which may cause PHP file_get_contents to fetch arbitr...
CVE-2022-32761
An information disclosure vulnerability exists in the aVideoEncoderReceiveImage functionality of WWBN AVideo 11.6 and dev master commit 3f7c0364. A specially-crafted HTTP request can lead to arbitrary file read. An attacker can send an HTTP request to trigger this vulnerability...