CVE-2023-49863

Published: Jan 10, 2024Modified: Nov 4, 2025

6.5

Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Exploitability: 2.8 / Impact: 3.6

Source: NVD

Description

An information disclosure vulnerability exists in the aVideoEncoderReceiveImage.json.php image upload functionality of WWBN AVideo dev master commit 15fed957fb. A specially crafted HTTP request can lead to arbitrary file read.This vulnerability is triggered by the `downloadURL_webpimage` parameter.

Affected (1)

Products: Wwbn: Avideo

1 product

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Wwbn Avideo	All versions

Related CWEs

Externally Controlled Reference to a Resource in Another Sphere

The product uses an externally controlled name or reference that resolves to a resource that is outside of the intended control sphere.

External Control of File Name or Path

The product allows user input to control or influence paths or file names that are used in filesystem operations.

References (3)

https://talosintelligence.com/vulnerability_reports/TALOS-2023-1880

Source: talos-cna@cisco.com

ExploitThird Party Advisory

https://talosintelligence.com/vulnerability_reports/TALOS-2023-1880

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitThird Party Advisory

https://www.talosintelligence.com/vulnerability_reports/TALOS-2023-1880

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.