Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
AVideo command injection vulnerability
Vulnerability Description
WWBN AVideo is an open source video platform. In versions 12.4 and prior, a command injection vulnerability exists at `plugin/CloneSite/cloneClient.json.php` which allows Remote Code Execution if you CloneSite Plugin. This is a bypass to the fix for CVE-2023-30854, which affects WWBN AVideo up to version 12.3. This issue is patched in commit 1df4af01f80d56ff2c4c43b89d0bac151e7fb6e3.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Vulnerability Type
在命令中使用的特殊元素转义处理不恰当(命令注入)
Vulnerability Title
WWBN AVideo 命令注入漏洞
Vulnerability Description
WWBN AVideo是WWBN团队的一个由PHP编写的视频平台建站系统。 WWBN AVideo 12.4之前版本存在命令注入漏洞,该漏洞源于存在命令注入漏洞,攻击者利用该漏洞可以远程执行代码。
CVSS Information
N/A
Vulnerability Type
N/A