WwbnAvideo

15 matches found

CVE
added 2022/08/22 7:15 p.m. | 64 views

CVE-2022-33147

A SQL injection vulnerability exists in the ObjectYPT functionality of WWBN AVideo 11.6 and dev master commit 3f7c0364. A specially-crafted HTTP request can lead to a SQL injection. An attacker can send an HTTP request to trigger this vulnerability. This vulnerability exists in the aVideoEncoder fun...

CVSS 8.8 | AI score 8.9 | EPSS 0.0052

CVE
added 2020/11/16 6:15 p.m. | 56 views

CVE-2020-23489

The import.json.php file before 8.9 for Avideo is vulnerable to a File Deletion vulnerability. This allows the deletion of configuration.php, which leads to certain privilege checks not being in place, and therefore a user can escalate privileges to admin.

CVSS 8.8 | AI score 8.7 | EPSS 0.07078

CVE
added 2022/08/22 7:15 p.m. | 56 views

CVE-2022-33149

A SQL injection vulnerability exists in the ObjectYPT functionality of WWBN AVideo 11.6 and dev master commit 3f7c0364. A specially-crafted HTTP request can lead to a SQL injection. An attacker can send an HTTP request to trigger this vulnerability. This vulnerability exists in the CloneSite plugin,...

CVSS 8.8 | AI score 8.9 | EPSS 0.00568

CVE
added 2022/08/22 7:15 p.m. | 52 views

CVE-2022-34652

A SQL injection vulnerability exists in the ObjectYPT functionality of WWBN AVideo 11.6 and dev master commit 3f7c0364. A specially-crafted HTTP request can lead to a SQL injection. An attacker can send an HTTP request to trigger this vulnerability. This vulnerability exists in the Live Schedules pl...

CVSS 8.8 | AI score 8.9 | EPSS 0.00334

CVE
added 2022/08/22 7:15 p.m. | 50 views

CVE-2022-29468

A cross-site request forgery (CSRF) vulnerability exists in WWBN AVideo 11.6 and dev master commit 3f7c0364. A specially-crafted HTTP request can lead to increased privileges. An attacker can get an authenticated user to send a crafted HTTP request to trigger this vulnerability.

CVSS 8.8 | AI score 8.5 | EPSS 0.01086

CVE
added 2023/05/12 2:15 p.m. | 49 views

CVE-2023-32073

WWBN AVideo is an open source video platform. In versions 12.4 and prior, a command injection vulnerability exists at plugin/CloneSite/cloneClient.json.php which allows Remote Code Execution if you CloneSite Plugin. This is a bypass to the fix for CVE-2023-30854, which affects WWBN AVideo up to ver...

CVSS 8.8 | AI score 9 | EPSS 0.57628

CVE
added 2023/04/28 4:15 p.m. | 48 views

CVE-2023-30854

AVideo is an open source video platform. Prior to version 12.4, an OS Command Injection vulnerability in an authenticated endpoint /plugin/CloneSite/cloneClient.json.php allows attackers to achieve Remote Code Execution. This issue is fixed in version 12.4.

CVSS 8.8 | AI score 8.7 | EPSS 0.57628

CVE
added 2022/08/22 7:15 p.m. | 45 views

CVE-2022-32282

An improper password check exists in the login functionality of WWBN AVideo 11.6 and dev master commit 3f7c0364. An attacker that owns a user's password hash will be able to use it to log in directly to the account, leading to increased privileges.

CVSS 8.8 | AI score 8.6 | EPSS 0.00124

CVE
added 2023/05/08 7:15 p.m. | 43 views

CVE-2023-30860

WWBN AVideo is an open source video platform. In AVideo prior to version 12.4, a normal user can make a Meeting Schedule where the user can invite another user in that Meeting, but it does not properly sanitize the malicious characters when creating a Meeting Room. This allows an attacker to insert ma...

CVSS 8 | AI score 6 | EPSS 0.0325

CVE
added 2022/08/22 7:15 p.m. | 42 views

CVE-2022-33148

A SQL injection vulnerability exists in the ObjectYPT functionality of WWBN AVideo 11.6 and dev master commit 3f7c0364. A specially-crafted HTTP request can lead to a SQL injection. An attacker can send an HTTP request to trigger this vulnerability. This vulnerability exists in the Live Schedules pl...

CVSS 8.8 | AI score 8.9 | EPSS 0.00437

CVE
added 2022/08/22 7:15 p.m. | 39 views

CVE-2022-30605

A privilege escalation vulnerability exists in the session id functionality of WWBN AVideo 11.6 and dev master commit 3f7c0364. A specially-crafted HTTP request can lead to increased privileges. An attacker can get an authenticated user to send a crafted HTTP request to trigger this vulnerability.

CVSS 8.8 | AI score 8.6 | EPSS 0.00689

CVE
added 2021/02/01 4:15 p.m. | 34 views

CVE-2021-21286

AVideo Platform is an open-source Audio and Video platform. It is similar to a self-hosted YouTube. In AVideo Platform before version 10.2 there is an authorization bypass vulnerability which enables an ordinary user to get admin control. This is fixed in version 10.2. All queries now remove the pa...

CVSS 8.8 | AI score 8.1 | EPSS 0.00265

CVE
added 2024/01/10 4:15 p.m. | 32 views

CVE-2023-48730

A cross-site scripting (XSS) vulnerability exists in the navbarMenuAndLogo.php user name functionality of WWBN AVideo dev master commit 15fed957fb. A specially crafted HTTP request can lead to arbitrary JavaScript execution. An attacker can get a user to visit a webpage to trigger this vulnerabilit...

CVSS 8.5 | AI score 6.2 | EPSS 0.00352

CVE
added 2024/01/10 4:15 p.m. | 30 views

CVE-2023-49589

An insufficient entropy vulnerability exists in the userRecoverPass.php recoverPass generation functionality of WWBN AVideo dev master commit 15fed957fb. A specially crafted HTTP request can lead to an arbitrary user password recovery. An attacker can send an HTTP request to trigger this vulnerabil...

CVSS 8.8 | AI score 9 | EPSS 0.00247

CVE
added 2024/01/10 4:15 p.m. | 29 views

CVE-2023-49715

An unrestricted PHP file upload vulnerability exists in the import.json.php temporary copy functionality of WWBN AVideo dev master commit 15fed957fb. A specially crafted HTTP request can lead to arbitrary code execution when chained with an LFI vulnerability. An attacker can send a series of HTTP re...

CVSS 8.8 | AI score 9.2 | EPSS 0.00509