CVE-2023-49589

Name of the Vulnerable Software and Affected Versions WWBN AVideo dev master commit 15fed957fb

Description An insufficient entropy issue exists in the userRecoverPass.php recoverPass generation functionality. This can be exploited by sending a specially crafted HTTP request, potentially leading to arbitrary user password recovery.

Recommendations For WWBN AVideo dev master commit 15fed957fb, consider restricting access to the userRecoverPass.php file until a fix is available, to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.