CVE-2023-47171

Summary

An information disclosure vulnerability exists in the aVideoEncoder.json.php chunkFile path functionality of WWBN AVideo 11.6 and dev master commit 15fed957fb. A specially crafted HTTP request can lead to arbitrary file read.

Affected Software

VendorProductVersion RangeStatus
WWBNAVideo11.6affected
WWBNAVideodev master commit 15fed957fbaffected

Weaknesses

  • CWE-73: CWE-73: External Control of File Name or Path

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: poc
    • Automatable: yes
    • Technical Impact: partial

References