CVE-2020-23489

Name of the Vulnerable Software and Affected Versions Avideo versions prior to 8.9

Description The issue allows for a File Deletion vulnerability via the import.json.php file, enabling the deletion of configuration.php. This results in certain privilege checks not being in place, allowing a user to escalate privileges to admin. Additionally, it may lead to Local File Inclusion, potentially leaking credentials and important files.

Recommendations For versions prior to 8.9, upgrade to version 8.9 to resolve the issue. As a temporary workaround, consider restricting access to the import.json.php file to minimize the risk of exploitation.