CVE-2023-49862

Name of the Vulnerable Software and Affected Versions WWBN AVideo dev master commit 15fed957fb

Description An information disclosure issue exists in the aVideoEncoderReceiveImage.json.php image upload functionality. A specially crafted HTTP request can lead to arbitrary file read. This issue is triggered by the downloadURL gifimage parameter.

Recommendations As a temporary workaround, consider restricting access to the aVideoEncoderReceiveImage.json.php file until a patch is available. Avoid using the downloadURL gifimage parameter in the affected functionality until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.