CVE-2022-33147

Name of the Vulnerable Software and Affected Versions WWBN AVideo versions 11.6

Description A SQL injection issue exists in the ObjectYPT functionality, allowing an attacker to inject SQL by manipulating the videoDownloadedLink or duration parameter in the aVideoEncoder functionality, which can be used to add new videos. This can be triggered by a specially-crafted HTTP request.

Recommendations For version 11.6, consider restricting access to the aVideoEncoder functionality until a patch is available. As a temporary workaround, avoid using the videoDownloadedLink or duration parameter in the affected functionality to minimize the risk of exploitation.