Wwbn

Avideo

70 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
7.5

CVE-2025-25214

Exploit
  • EPSS 0.36%
  • Veröffentlicht 24.07.2025 15:10:58
  • Zuletzt bearbeitet 03.11.2025 20:17:57

A race condition vulnerability exists in the aVideoEncoder.json.php unzip functionality of WWBN AVideo 14.4 and dev master commit 8a8954ff. A series of specially crafted HTTP request can lead to arbitrary code execution.

9.8

CVE-2025-48732

Exploit
  • EPSS 1.04%
  • Veröffentlicht 24.07.2025 15:10:56
  • Zuletzt bearbeitet 03.11.2025 20:19:07

An incomplete blacklist exists in the .htaccess sample of WWBN AVideo 14.4 and dev master commit 8a8954ff. A specially crafted HTTP request can lead to a arbitrary code execution. An attacker can request a .phar file to trigger this vulnerability.

5.4

CVE-2024-34899

Exploit
  • EPSS 0.12%
  • Veröffentlicht 14.05.2024 15:39:37
  • Zuletzt bearbeitet 18.06.2025 17:41:45

WWBN AVideo 12.4 is vulnerable to Cross Site Scripting (XSS).

9.8

CVE-2024-31819

Exploit
  • EPSS 80.42%
  • Veröffentlicht 10.04.2024 20:15:08
  • Zuletzt bearbeitet 17.06.2025 20:56:26

An issue in WWBN AVideo v.12.4 through v.14.2 allows a remote attacker to execute arbitrary code via the systemRootPath parameter of the submitIndex.php component.

5.3

CVE-2023-50172

Exploit
  • EPSS 0.15%
  • Veröffentlicht 10.01.2024 16:15:49
  • Zuletzt bearbeitet 04.11.2025 19:16:14

A recovery notification bypass vulnerability exists in the userRecoverPass.php captcha validation functionality of WWBN AVideo dev master commit 15fed957fb. A specially crafted HTTP request can lead to the silent creation of a recovery pass code for ...

6.5

CVE-2023-49864

Exploit
  • EPSS 0.33%
  • Veröffentlicht 10.01.2024 16:15:49
  • Zuletzt bearbeitet 04.11.2025 19:16:10

An information disclosure vulnerability exists in the aVideoEncoderReceiveImage.json.php image upload functionality of WWBN AVideo dev master commit 15fed957fb. A specially crafted HTTP request can lead to arbitrary file read.This vulnerability is tr...

6.5

CVE-2023-49863

Exploit
  • EPSS 0.33%
  • Veröffentlicht 10.01.2024 16:15:49
  • Zuletzt bearbeitet 04.11.2025 19:16:10

An information disclosure vulnerability exists in the aVideoEncoderReceiveImage.json.php image upload functionality of WWBN AVideo dev master commit 15fed957fb. A specially crafted HTTP request can lead to arbitrary file read.This vulnerability is tr...

6.5

CVE-2023-49862

Exploit
  • EPSS 0.33%
  • Veröffentlicht 10.01.2024 16:15:48
  • Zuletzt bearbeitet 04.11.2025 19:16:10

An information disclosure vulnerability exists in the aVideoEncoderReceiveImage.json.php image upload functionality of WWBN AVideo dev master commit 15fed957fb. A specially crafted HTTP request can lead to arbitrary file read.This vulnerability is tr...

6.5

CVE-2023-49810

Exploit
  • EPSS 0.13%
  • Veröffentlicht 10.01.2024 16:15:48
  • Zuletzt bearbeitet 04.11.2025 19:16:09

A login attempt restriction bypass vulnerability exists in the checkLoginAttempts functionality of WWBN AVideo dev master commit 15fed957fb. A specially crafted HTTP request can lead to captcha bypass, which can be abused by an attacker to brute forc...

7.5

CVE-2023-49738

Exploit
  • EPSS 0.78%
  • Veröffentlicht 10.01.2024 16:15:48
  • Zuletzt bearbeitet 04.11.2025 19:16:09

An information disclosure vulnerability exists in the image404Raw.php functionality of WWBN AVideo dev master commit 15fed957fb. A specially crafted HTTP request can lead to arbitrary file read.