CVE-2023-47171

Name of the Vulnerable Software and Affected Versions WWBN AVideo versions 11.6 and dev master commit 15fed957fb

Description An information disclosure issue exists in the aVideoEncoder.json.php chunkFile path functionality. A specially crafted HTTP request can lead to arbitrary file read.

Recommendations For WWBN AVideo version 11.6, update to a version that fixes this issue. For WWBN AVideo dev master commit 15fed957fb, update to a commit that fixes this issue. As a temporary workaround, consider restricting access to the aVideoEncoder.json.php file until a patch is available.