GHSA-2mgx-226x-8pwv

Source
https://github.com/advisories/GHSA-2mgx-226x-8pwv
Import Source
https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-2mgx-226x-8pwv/GHSA-2mgx-226x-8pwv.json
JSON Data
https://api.test.osv.dev/v1/vulns/GHSA-2mgx-226x-8pwv
Aliases
Published
2022-05-24T17:34:15Z
Modified
2023-11-01T04:52:33.972965Z
Severity
  • 8.8 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Summary
AVideo vulnerable to Improper Privilege Management
Details

In AVideo before 8.9, the import.json.php file has a File Deletion vulnerability. It allows the deletion of configuration.php, which causes certain privilege checks to not be in place and leads to privilege escalation to admin. Local File Inclusion may also leak credentials and important files.

Patches

Upgrade to version 8.9

Database specific
{
    "nvd_published_at": "2020-11-16T18:15:00Z",
    "github_reviewed_at": "2023-02-03T21:55:19Z",
    "severity": "HIGH",
    "github_reviewed": true,
    "cwe_ids": [
        "CWE-269"
    ]
}
References

Affected packages

Packagist / wwbn/avideo

Package

Name
wwbn/avideo
Purl
pkg:composer/wwbn/avideo

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
8.9