Vulnerability Information
Vulnerability Title
WWBN AVideo: Authenticated Remote Code Execution via Unsafe Plugin ZIP Extraction
Vulnerability Description
WWBN AVideo is an open source video platform. Prior to version 24.0, an authenticated Remote Code Execution (RCE) vulnerability was identified in AVideo related to the plugin upload/import functionality. The issue allowed an authenticated administrator to upload a specially crafted ZIP archive containing executable server-side files. Due to insufficient validation of extracted file contents, the archive was extracted directly into a web-accessible plugin directory, allowing arbitrary PHP code execution. This issue has been patched in version 24.0.
CVSS Information
N/A
Vulnerability Type
Unrestricted Upload of File with Dangerous Type
Vulnerability Title
WWBN AVideo Code Issue Vulnerability
Vulnerability Description
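WWBN AVideo is a video platform site-building system written in PHP by the WWBN team. Versions of WWBN AVideo prior to 24.0 contain a code issue vulnerability. The vulnerability stems from insufficient validation in the plugin upload/import functionality, which may allow an authenticated administrator to upload a specially crafted ZIP archive and execute arbitrary PHP code.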
CVSS Information
N/A
Vulnerability Type
N/A
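
The check below is an added example, not code from AVideo or its 24.0 patch: before anything is extracted, it lists the entries of an uploaded plugin ZIP that a PHP-enabled web server would execute, that could change file handling, or that would land outside the plugin directory. The extension lists, function names and sample archive are assumptions constructed for illustration.

```python
import io
import posixpath
import stat
import zipfile

# Assumption: extensions a PHP-enabled web server passes to the interpreter.
SERVER_EXEC_EXT = {".php", ".phtml", ".phar", ".php5", ".php7", ".pht"}
# Assumption: per-directory files that can change how other files are handled.
HANDLER_CONFIG = {".htaccess", ".user.ini"}


def audit_plugin_zip(data):
    """Return (entry name, finding) pairs without extracting anything."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            name = info.filename.replace("\\", "/")
            # Entries that would be written outside the plugin directory.
            if name.startswith("/") or ".." in name.split("/"):
                findings.append((info.filename, "path-escape"))
            # The Unix mode is stored in the high 16 bits of external_attr.
            if stat.S_ISLNK(info.external_attr >> 16):
                findings.append((info.filename, "symlink"))
            if info.is_dir():
                continue
            base = posixpath.basename(name).lower()
            if base in HANDLER_CONFIG:
                findings.append((info.filename, "handler-config"))
            # Test every dot-separated suffix, so "x.php.txt" is flagged too.
            elif any("." + s in SERVER_EXEC_EXT for s in base.split(".")[1:]):
                findings.append((info.filename, "server-executable"))
    return findings


def build_sample():
    """Constructed sample archive; every name in it is made up."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name in ("DemoPlugin/README.md", "DemoPlugin/view/style.css",
                     "DemoPlugin/hook.php", "DemoPlugin/.htaccess",
                     "../outside.txt"):
            zf.writestr(name, "placeholder")
        link = zipfile.ZipInfo("DemoPlugin/link")
        link.external_attr = (stat.S_IFLNK | 0o777) << 16
        zf.writestr(link, "target")
    return buf.getvalue()


if __name__ == "__main__":
    for name, finding in audit_plugin_zip(build_sample()):
        print(f"{finding:18} {name}")
```

An import handler can use a non-empty result to reject the archive, or to extract it only into a staging directory outside the web root for review.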