Avideo@15fed957fb Security Vulnerabilities and Issues — Avideo@15fed957fb CVE List

Lucene search

WwbnAvideo15fed957fb

10 matches found

CVE•added 2024/01/10 4:15 p.m.•42 views

CVE-2023-49599

An insufficient entropy vulnerability exists in the salt generation functionality of WWBN AVideo dev master commit 15fed957fb. A specially crafted series of HTTP requests can lead to privilege escalation. An attacker can gather system information via HTTP requests and brute force the salt offline, ...

9.8CVSS9.3AI score0.0029EPSS

CVE•added 2024/01/10 4:15 p.m.•40 views

CVE-2023-49738

An information disclosure vulnerability exists in the image404Raw.php functionality of WWBN AVideo dev master commit 15fed957fb. A specially crafted HTTP request can lead to arbitrary file read.

7.5CVSS7.6AI score0.00775EPSS

CVE•added 2024/01/10 4:15 p.m.•36 views

CVE-2023-47862

A local file inclusion vulnerability exists in the getLanguageFromBrowser functionality of WWBN AVideo dev master commit 15fed957fb. A specially crafted HTTP request can lead to arbitrary code execution. An attacker can send a series of HTTP requests to trigger this vulnerability.

9.8CVSS9.3AI score0.00881EPSS

CVE•added 2024/01/10 4:15 p.m.•36 views

CVE-2023-49810

A login attempt restriction bypass vulnerability exists in the checkLoginAttempts functionality of WWBN AVideo dev master commit 15fed957fb. A specially crafted HTTP request can lead to captcha bypass, which can be abused by an attacker to brute force user credentials. An attacker can send a series...

7.3CVSS6.5AI score0.00125EPSS

CVE•added 2024/01/10 4:15 p.m.•32 views

CVE-2023-48730

A cross-site scripting (xss) vulnerability exists in the navbarMenuAndLogo.php user name functionality of WWBN AVideo dev master commit 15fed957fb. A specially crafted HTTP request can lead to arbitrary Javascript execution. An attacker can get a user to visit a webpage to trigger this vulnerabilit...

8.5CVSS6.2AI score0.00352EPSS

CVE•added 2024/01/10 4:15 p.m.•30 views

CVE-2023-49589

An insufficient entropy vulnerability exists in the userRecoverPass.php recoverPass generation functionality of WWBN AVideo dev master commit 15fed957fb. A specially crafted HTTP request can lead to an arbitrary user password recovery. An attacker can send an HTTP request to trigger this vulnerabil...

8.8CVSS9AI score0.00247EPSS

CVE•added 2024/01/10 4:15 p.m.•29 views

CVE-2023-49715

A unrestricted php file upload vulnerability exists in the import.json.php temporary copy functionality of WWBN AVideo dev master commit 15fed957fb. A specially crafted HTTP request can lead to arbitrary code execution when chained with an LFI vulnerability. An attacker can send a series of HTTP re...

8.8CVSS9.2AI score0.00509EPSS

CVE•added 2024/01/10 4:15 p.m.•28 views

CVE-2023-50172

A recovery notification bypass vulnerability exists in the userRecoverPass.php captcha validation functionality of WWBN AVideo dev master commit 15fed957fb. A specially crafted HTTP request can lead to the silent creation of a recovery pass code for any user.

5.3CVSS5.6AI score0.00183EPSS

CVE•added 2024/01/10 4:15 p.m.•24 views

CVE-2023-47861

A cross-site scripting (xss) vulnerability exists in the channelBody.php user name functionality of WWBN AVideo 11.6 and dev master commit 15fed957fb. A specially crafted HTTP request can lead to arbitrary Javascript execution. An attacker can get a user to visit a webpage to trigger this vulnerabi...

9CVSS5.6AI score0.00344EPSS

CVE•added 2024/01/10 4:15 p.m.•22 views

CVE-2023-47171

An information disclosure vulnerability exists in the aVideoEncoder.json.php chunkFile path functionality of WWBN AVideo 11.6 and dev master commit 15fed957fb. A specially crafted HTTP request can lead to arbitrary file read.

6.5CVSS6.4AI score0.00309EPSS