CVE-2023-49862

CVSS 3.1 Score 6.5 of 10 (medium)

Details

Published Jan 10, 2024

Updated: Jan 18, 2024

CWE ID 610

CWE ID 73

Summary

CVE-2023-49862 is an information disclosure vulnerability affecting the image upload functionality of WWBN AVideo in the aVideoEncoderReceiveImage.json.php file. This vulnerability, identified in commit 15fed957fb, can be triggered by a crafted HTTP request with a malicious `downloadURL_gifimage` parameter. Successful exploitation allows an attacker to read arbitrary files on the affected system.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

https://app.recordedfuture.com/live/sc/entity/toYIdi
https://www.cve.org/CVERecord?id=CVE-2023-49862
https://nvd.nist.gov/vuln/detail/CVE-2023-49862

Back to Vulnerability Database

CVE-2023-49862

CVSS 3.1 Score 6.5 of 10 (medium)

Details

Summary

Advisories, Assessments, and Mitigations