PT-2022-21450 · Wwbn · Avideo
Claudio Bozzato · Published 2022-08-22 · Updated 2022-08-24 · CVE-2022-32768
CVSS v3.1: 4.8 (Medium)
Vector: AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L
Name of the Vulnerable Software and Affected Versions
WWBN AVideo version 11.6
Description
Multiple authentication bypass issues exist in the object ID handling functionality. A specially crafted HTTP request by an authenticated user can lead to unauthorized access and takeover of resources; an attacker can send an HTTP request to trigger this issue. This issue exists in the Live Schedules plugin: by guessing a sequential ID, an attacker can bypass authentication and take over another user's streams.
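The missing check described above, as an added example that is not AVideo's code: a hypothetical schedule-update handler whose vulnerable form trusts the client-supplied sequential ID, next to a corrected form that also verifies ownership. The `$schedules` store, its field names, and both function names are assumptions made for illustration.

```php
<?php
declare(strict_types=1);

// Constructed sample data: schedule rows keyed by sequential ID (hypothetical schema).
$schedules = [
    1 => ['users_id' => 10, 'title' => 'Alice weekly show'],
    2 => ['users_id' => 20, 'title' => 'Bob launch stream'],
];

// Vulnerable form: any logged-in user may edit any row whose ID they supply.
function updateScheduleUnsafe(array &$schedules, ?int $sessionUserId, int $id, string $title): bool
{
    if ($sessionUserId === null || !isset($schedules[$id])) {
        return false; // only authentication and existence are checked
    }
    $schedules[$id]['title'] = $title;
    return true;
}

// Corrected form: the row must belong to the session user, or the caller is an admin.
function updateScheduleSafe(array &$schedules, ?int $sessionUserId, bool $isAdmin, int $id, string $title): bool
{
    if ($sessionUserId === null) {
        return false; // not authenticated
    }
    // Same result for "not found" and "not yours", so valid IDs cannot be told apart.
    if (!isset($schedules[$id]) || (!$isAdmin && $schedules[$id]['users_id'] !== $sessionUserId)) {
        return false;
    }
    $schedules[$id]['title'] = $title;
    return true;
}

// User 20 submits schedule ID 1, which belongs to user 10.
$a = $schedules;
$b = $schedules;
var_dump(updateScheduleUnsafe($a, 20, 1, 'changed'));         // another user's row is modified
var_dump(updateScheduleSafe($b, 20, false, 1, 'changed'));    // rejected by the ownership check
var_dump(updateScheduleSafe($b, 20, false, 2, 'My stream'));  // the owner can edit their own row
```

The ownership comparison uses the user ID from the server-side session, never a value taken from the request.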
Recommendations
For version 11.6, consider disabling the Live Schedules plugin until a patch is available, so that attackers cannot bypass authentication and take over user streams.
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
Weakness Enumeration
Missing Authorization
Affected Products
Avideo