CVE-2022-34652

Name of the Vulnerable Software and Affected Versions WWBN AVideo version 11.6 WWBN AVideo dev master commit 3f7c0364

Description A SQL injection issue exists in the ObjectYPT functionality, specifically within the Live Schedules plugin. This allows an attacker to inject SQL by manipulating the description parameter in a specially-crafted HTTP request. As a result, an attacker can send an HTTP request to trigger this issue.

Recommendations For WWBN AVideo version 11.6, consider restricting access to the Live Schedules plugin until a fix is available. For WWBN AVideo dev master commit 3f7c0364, avoid using the description parameter in the affected plugin until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.