PT-2022-21451 · Wwbn · Avideo

Claudio Bozzato · Published 2022-08-22 · Updated 2022-08-24 · CVE-2022-32769

CVSS v3.1: 5.0 (Medium)

Vector: AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L

Name of the Vulnerable Software and Affected Versions

WWBN AVideo versions 11.6

Description

Multiple authentication bypass issues exist in the objects id handling functionality. A specially-crafted HTTP request by an authenticated user can lead to unauthorized access and takeover of resources. This issue exists in the Playlists plugin, allowing an attacker to bypass authentication by guessing a sequential ID, enabling them to take over another user's playlists.

Recommendations

For version 11.6, consider disabling the Playlists plugin until a patch is available to prevent exploitation. As a temporary workaround, restrict access to the sequential ID handling functionality to minimize the risk of unauthorized access.
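
The missing ownership check described above, modelled beside a corrected handler. This is an added example and not AVideo's code: the in-memory playlist array, the user ids and both function names are hypothetical.

```php
<?php
// Constructed sample data: playlists keyed by sequential id, each with an owner.
$playlists = [
    1 => ['owner_id' => 10, 'name' => 'alice favourites'],
    2 => ['owner_id' => 20, 'name' => 'bob watch later'],
];

// Missing authorization: the handler confirms only that a user is logged in
// and that the playlist exists, so the id in the request decides whose
// playlist is modified.
function renamePlaylistUnchecked(array &$playlists, ?int $sessionUserId, int $playlistId, string $name): bool
{
    if ($sessionUserId === null || !isset($playlists[$playlistId])) {
        return false;
    }
    $playlists[$playlistId]['name'] = $name;
    return true;
}

// Object-level authorization: the stored owner must match the session user.
// A missing playlist and another user's playlist get the same refusal, so
// the response does not confirm which ids exist.
function renamePlaylistChecked(array &$playlists, ?int $sessionUserId, int $playlistId, string $name): bool
{
    $playlist = $playlists[$playlistId] ?? null;
    if ($sessionUserId === null || $playlist === null
        || $playlist['owner_id'] !== $sessionUserId) {
        return false;
    }
    $playlists[$playlistId]['name'] = $name;
    return true;
}

// Authenticated user 20 names playlist 1 (owned by user 10), then playlist 2 (own).
$unchecked = $playlists; // separate copies so the two handlers can be compared
$checked = $playlists;
echo "unchecked handler, foreign playlist: ";
var_dump(renamePlaylistUnchecked($unchecked, 20, 1, 'changed'));
echo "checked handler, foreign playlist: ";
var_dump(renamePlaylistChecked($checked, 20, 1, 'changed'));
echo "checked handler, own playlist: ";
var_dump(renamePlaylistChecked($checked, 20, 2, 'renamed'));
echo "playlist 1 after the checked handler: ", $checked[1]['name'], PHP_EOL;
```

Replacing sequential ids with random ones only makes guessing harder; the ownership comparison is what closes the gap.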

Fix

Missing Authorization


Weakness Enumeration

Related Identifiers

CVE-2022-32769

Affected Products

Avideo