Avideo Security Vulnerabilities and Issues — Avideo CVE List

Lucene search

WwbnAvideo

5 matches found

CVE•added 2022/08/22 7:15 p.m.•53 views

CVE-2022-32777

An information disclosure vulnerability exists in the cookie functionality of WWBN AVideo 11.6 and dev master commit 3f7c0364. The session cookie and the pass cookie miss the HttpOnly flag, making them accessible via JavaScript. The session cookie also misses the secure flag, which allows the sessi...

7.5CVSS7.2AI score0.01188EPSS

CVE•added 2022/08/22 7:15 p.m.•50 views

CVE-2022-32778

7.5CVSS7.3AI score0.01188EPSS

CVE•added 2024/01/10 4:15 p.m.•40 views

CVE-2023-49738

An information disclosure vulnerability exists in the image404Raw.php functionality of WWBN AVideo dev master commit 15fed957fb. A specially crafted HTTP request can lead to arbitrary file read.

7.5CVSS7.6AI score0.00775EPSS

CVE•added 2024/01/10 4:15 p.m.•36 views

CVE-2023-49810

A login attempt restriction bypass vulnerability exists in the checkLoginAttempts functionality of WWBN AVideo dev master commit 15fed957fb. A specially crafted HTTP request can lead to captcha bypass, which can be abused by an attacker to brute force user credentials. An attacker can send a series...

7.3CVSS6.5AI score0.00125EPSS

CVE•added 2020/11/16 6:15 p.m.•34 views

CVE-2020-23490

There was a local file disclosure vulnerability in AVideo

7.5CVSS7.2AI score0.16676EPSS