CVE-2023-49863

CVSS 3.1 Score 6.5 of 10 (medium)

Details

Published Jan 10, 2024

Updated: Jan 18, 2024

CWE ID 610

CWE ID 73

Summary

CVE-2023-49863 is an information disclosure vulnerability affecting the aVideoEncoderReceiveImage.json.php script in WWBN AVideo's dev master commit 15fed957fb. A maliciously crafted HTTP request can exploit this flaw, resulting in arbitrary file reading. The vulnerability is triggered through the `downloadURL_webpimage` parameter. This issue could potentially grant attackers access to sensitive data, posing a significant risk to affected systems.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

https://app.recordedfuture.com/live/sc/entity/toYBx8
https://www.cve.org/CVERecord?id=CVE-2023-49863
https://nvd.nist.gov/vuln/detail/CVE-2023-49863

Back to Vulnerability Database

CVE-2023-49863

CVSS 3.1 Score 6.5 of 10 (medium)

Details

Summary

Advisories, Assessments, and Mitigations