CVE-2022-28710

CVSS v3.1

6.5

Medium

Vector

AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions WWBN AVideo versions 11.6 and dev master commit 3f7c0364

Description An information disclosure issue exists in the chunkFile functionality, allowing an attacker to read arbitrary files by sending a specially-crafted HTTP request.

Recommendations For version 11.6, update to a version that fixes this issue. For dev master commit 3f7c0364, update to a commit that fixes this issue. As a temporary workaround, consider restricting access to the chunkFile functionality until a patch is available.

Exploit

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-610CWE-73

Related Identifiers

CVE-2022-28710

Affected Products

Avideo

CVE-2022-28710

Weakness Enumeration

Related Identifiers

Affected Products

References · 4