High severity · NVD Advisory · Published Apr 28, 2023 · Updated Jan 30, 2025
WWBN AVideo vulnerable to OS Command Injection
CVE-2023-30854
Description
AVideo is an open source video platform. Prior to version 12.4, an OS Command Injection vulnerability in an authenticated endpoint /plugin/CloneSite/cloneClient.json.php allows attackers to achieve Remote Code Execution. This issue is fixed in version 12.4.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
| wwbn/avideo (Packagist) | < 12.4 | 12.4 |
References
- github.com/advisories/GHSA-6vrj-ph27-qfp3 (ghsa, ADVISORY)
- nvd.nist.gov/vuln/detail/CVE-2023-30854 (ghsa, ADVISORY)
- github.com/WWBN/AVideo/commit/020415d22f36d93ed865eb61994b49caa0f7f90a (ghsa, WEB)
- github.com/WWBN/AVideo/security/advisories/GHSA-6vrj-ph27-qfp3 (ghsa, x_refsource_CONFIRM, WEB)