AVideo is an open source video platform. Prior to version 12.4, an OS Command Injection vulnerability in an authenticated endpoint `/plugin/CloneSite/cloneClient.json.php` allows attackers to achieve Remote Code Execution. This issue is fixed in version 12.4.
References
Link | Resource |
---|---|
https://github.com/WWBN/AVideo/security/advisories/GHSA-6vrj-ph27-qfp3 | Exploit Vendor Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: GitHub_M
Published: 2023-04-28T15:35:59.382Z
Updated: 2023-04-28T15:35:59.382Z
Reserved: 2023-04-18T16:13:15.881Z
Link: CVE-2023-30854
JSON object: View
NVD Information
Status : Analyzed
Published: 2023-04-28T16:15:10.200
Modified: 2023-05-09T01:14:01.287
Link: CVE-2023-30854
JSON object: View
Redhat Information
No data.
CWE