Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
AVideo: Unauthenticated OS Command Injection via base64Url in objects/getImage.php
Vulnerability Description
AVideo is a video-sharing Platform software. Prior to version 7.0, an unauthenticated attacker can execute arbitrary OS commands on the server by injecting shell command substitution into the base64Url GET parameter. This can lead to full server compromise, data exfiltration (e.g., configuration secrets, internal keys, credentials), and service disruption. This issue has been patched in version 7.0.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Vulnerability Type
OS命令中使用的特殊元素转义处理不恰当(OS命令注入)
Vulnerability Title
AVideo 操作系统命令注入漏洞
Vulnerability Description
AVideo是World Wide Broadcast Network开源的一个广播网络创建工具。 AVideo 7.0之前版本存在操作系统命令注入漏洞,该漏洞源于未经身份验证的攻击者可通过向base64Url GET参数注入shell命令替换来执行任意操作系统命令,可能导致完全服务器入侵、数据渗漏和服务中断。
CVSS Information
N/A
Vulnerability Type
N/A