High severityNVD Advisory· Published Apr 28, 2023· Updated Jan 30, 2025
WWBN AVideo vulnerable to OS Command Injection
CVE-2023-30854
Description
AVideo is an open source video platform. Prior to version 12.4, an OS Command Injection vulnerability in an authenticated endpoint /plugin/CloneSite/cloneClient.json.php allows attackers to achieve Remote Code Execution. This issue is fixed in version 12.4.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
wwbn/avideoPackagist | < 12.4 | 12.4 |
Affected products
2Patches
Vulnerability mechanics
References
4- github.com/advisories/GHSA-6vrj-ph27-qfp3ghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2023-30854ghsaADVISORY
- github.com/WWBN/AVideo/commit/020415d22f36d93ed865eb61994b49caa0f7f90aghsaWEB
- github.com/WWBN/AVideo/security/advisories/GHSA-6vrj-ph27-qfp3ghsax_refsource_CONFIRMWEB
News mentions
0No linked articles in our index yet.