CVE-2023-47862

Published: Jan 10, 2024Modified: Nov 4, 2025

9.8

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Exploitability: 3.9 / Impact: 5.9

Source: NVD

Description

A local file inclusion vulnerability exists in the getLanguageFromBrowser functionality of WWBN AVideo dev master commit 15fed957fb. A specially crafted HTTP request can lead to arbitrary code execution. An attacker can send a series of HTTP requests to trigger this vulnerability.

Affected (1)

Products: Wwbn: Avideo

1 product

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Wwbn Avideo	Version 15fed957fb

Related CWEs

External Control of File Name or Path

The product allows user input to control or influence paths or file names that are used in filesystem operations.

References (3)

https://talosintelligence.com/vulnerability_reports/TALOS-2023-1886

Source: talos-cna@cisco.com

Third Party Advisory

https://talosintelligence.com/vulnerability_reports/TALOS-2023-1886

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

https://www.talosintelligence.com/vulnerability_reports/TALOS-2023-1886

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.