CVE-2023-49715
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
1Exploited in Wild
-Decision
Descriptions
A unrestricted php file upload vulnerability exists in the import.json.php temporary copy functionality of WWBN AVideo dev master commit 15fed957fb. A specially crafted HTTP request can lead to arbitrary code execution when chained with an LFI vulnerability. An attacker can send a series of HTTP requests to trigger this vulnerability.
Existe una vulnerabilidad de carga de archivos php sin restricciones en la funcionalidad de copia temporal import.json.php de la confirmación maestra de desarrollo de WWBN AVideo 15fed957fb. Una solicitud HTTP especialmente manipulada puede provocar la ejecución de código arbitrario cuando se encadena con una vulnerabilidad LFI. Un atacante puede enviar una serie de solicitudes HTTP para desencadenar esta vulnerabilidad.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2023-11-30 CVE Reserved
- 2024-01-10 CVE Published
- 2024-08-02 CVE Updated
- 2024-08-02 First Exploit
- 2025-01-16 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-434: Unrestricted Upload of File with Dangerous Type
CAPEC
References (1)
| URL | Tag | Source |
|---|
| URL | Date | SRC |
|---|---|---|
| https://talosintelligence.com/vulnerability_reports/TALOS-2023-1885 | 2024-08-02 |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Wwbn Search vendor "Wwbn" | Avideo Search vendor "Wwbn" for product "Avideo" | 15fed957fb Search vendor "Wwbn" for product "Avideo" and version "15fed957fb" | - |
Affected
| ||||||