CVE-2023-49715

Name of the Vulnerable Software and Affected Versions WWBN AVideo dev master commit 15fed957fb

Description A vulnerability exists in the import.json.php temporary copy functionality, allowing unrestricted PHP file uploads. This can lead to arbitrary code execution when combined with a Local File Inclusion (LFI) vulnerability. An attacker can exploit this issue by sending specially crafted HTTP requests.

Recommendations As a temporary workaround, consider disabling the import.json.php functionality until a patch is available. Restrict access to the temporary copy functionality to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.