{"url":"http://public2.vulnerablecode.io/api/packages/63805?format=json","purl":"pkg:composer/wwbn/avideo@12.4.0","type":"composer","namespace":"wwbn","name":"avideo","version":"12.4.0","qualifiers":{},"subpath":"","is_vulnerable":true,"next_non_vulnerable_version":"14.3.0","latest_non_vulnerable_version":"25.0.0","affected_by_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/47450?format=json","vulnerability_id":"VCID-dys1-y27f-kybb","summary":"WWBN AVideo Remote Code Execution\nAn issue in WWBN AVideo v.12.4 through v.14.2 allows a remote attacker to execute arbitrary code via the systemRootPath parameter of the submitIndex.php component.","references":[{"reference_url":"https://github.com/WWBN/AVideo","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/WWBN/AVideo"},{"reference_url":"https://github.com/WWBN/AVideo/commit/fcb1f79278684f02ee59130dc0304bd063d9d6d7","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/WWBN/AVideo/commit/fcb1f79278684f02ee59130dc0304bd063d9d6d7"},{"reference_url":"https://chocapikk.com/posts/2024/cve-2024-31819","reference_id":"CVE-2024-31819","reference_type":"","scores":[],"url":"https://chocapikk.com/posts/2024/cve-2024-31819"},{"reference_url":"https://github.com/Chocapikk/CVE-2024-31819","reference_id":"CVE-2024-31819","reference_type":"","scores":[],"url":"https://github.com/Chocapikk/CVE-2024-31819"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2024-31819","reference_id":"CVE-2024-31819","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-31819"},{"reference_url":"https://github.com/advisories/GHSA-mv5w-wr5c-575p","reference_id":"GHSA-mv5w-wr5c-575p","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-mv5w-wr5c-575p"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/69734?format=json","purl":"pkg:composer/wwbn/avideo@14.3.0","is_vulnerable":false,"affected_by_vulnerabil
ities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/wwbn/avideo@14.3.0"}],"aliases":["CVE-2024-31819","GHSA-mv5w-wr5c-575p"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-dys1-y27f-kybb"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/46816?format=json","vulnerability_id":"VCID-e1bu-y7rn-wka8","summary":"WWBN AVideo Insufficient Entropy vulnerability\nAn insufficient entropy vulnerability exists in the salt generation functionality of WWBN AVideo dev master commit 15fed957fb. A specially crafted series of HTTP requests can lead to privilege escalation. An attacker can gather system information via HTTP requests and bruteforce the salt offline, leading to forging a legitimate password recovery code for the admin user.","references":[{"reference_url":"https://github.com/WWBN/AVideo","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/WWBN/AVideo"},{"reference_url":"https://github.com/WWBN/AVideo/commit/15fed957fb64b4055158acfc449bd7974346edb5","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/WWBN/AVideo/commit/15fed957fb64b4055158acfc449bd7974346edb5"},{"reference_url":"https://talosintelligence.com/vulnerability_reports/TALOS-2023-1900","reference_id":"","reference_type":"","scores":[],"url":"https://talosintelligence.com/vulnerability_reports/TALOS-2023-1900"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-49599","reference_id":"CVE-2023-49599","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-49599"},{"reference_url":"https://github.com/advisories/GHSA-wqcc-qf63-c2x4","reference_id":"GHSA-wqcc-qf63-c2x4","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-wqcc-qf63-c2x4"}],"fixed_packages":[],"aliases":["CVE-2023-49599","GHSA-wqcc-qf63-c2x4"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url"
:"http://public2.vulnerablecode.io/vulnerabilities/VCID-e1bu-y7rn-wka8"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/46818?format=json","vulnerability_id":"VCID-g2er-1sf3-6qad","summary":"Improper Restriction of Excessive Authentication Attempts\nA login attempt restriction bypass vulnerability exists in the checkLoginAttempts functionality of WWBN AVideo dev master commit 15fed957fb. A specially crafted HTTP request can lead to captcha bypass, which can be abused by an attacker to brute force user credentials. An attacker can send a series of HTTP requests to trigger this vulnerability.","references":[{"reference_url":"https://github.com/WWBN/AVideo/commit/15fed957fb64b4055158acfc449bd7974346edb5","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/WWBN/AVideo/commit/15fed957fb64b4055158acfc449bd7974346edb5"},{"reference_url":"https://talosintelligence.com/vulnerability_reports/TALOS-2023-1898","reference_id":"","reference_type":"","scores":[],"url":"https://talosintelligence.com/vulnerability_reports/TALOS-2023-1898"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-49810","reference_id":"CVE-2023-49810","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-49810"},{"reference_url":"https://github.com/advisories/GHSA-v977-h4hm-rrff","reference_id":"GHSA-v977-h4hm-rrff","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-v977-h4hm-rrff"}],"fixed_packages":[],"aliases":["CVE-2023-49810","GHSA-v977-h4hm-rrff"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-g2er-1sf3-6qad"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/45179?format=json","vulnerability_id":"VCID-jzaa-2qhr-tkhb","summary":"Improper Neutralization of Special Elements used in a Command ('Command Injection')\nWWBN AVideo is an open source video platform. 
In versions 12.4 and prior, a command injection vulnerability exists at `plugin/CloneSite/cloneClient.json.php` which allows Remote Code Execution if you CloneSite Plugin. This is a bypass to the fix for CVE-2023-30854, which affects WWBN AVideo up to version 12.3. This issue is patched in commit 1df4af01f80d56ff2c4c43b89d0bac151e7fb6e3.","references":[{"reference_url":"https://github.com/WWBN/AVideo/commit/1df4af01f80d56ff2c4c43b89d0bac151e7fb6e3","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/WWBN/AVideo/commit/1df4af01f80d56ff2c4c43b89d0bac151e7fb6e3"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-32073","reference_id":"CVE-2023-32073","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-32073"},{"reference_url":"https://github.com/advisories/GHSA-2mhh-27v7-3vcx","reference_id":"GHSA-2mhh-27v7-3vcx","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-2mhh-27v7-3vcx"},{"reference_url":"https://github.com/WWBN/AVideo/security/advisories/GHSA-2mhh-27v7-3vcx","reference_id":"GHSA-2mhh-27v7-3vcx","reference_type":"","scores":[],"url":"https://github.com/WWBN/AVideo/security/advisories/GHSA-2mhh-27v7-3vcx"}],"fixed_packages":[],"aliases":["CVE-2023-32073","GHSA-2mhh-27v7-3vcx"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-jzaa-2qhr-tkhb"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/46817?format=json","vulnerability_id":"VCID-vynh-gpdq-2yde","summary":"Weak Password Recovery Mechanism for Forgotten Password\nA recovery notification bypass vulnerability exists in the userRecoverPass.php captcha validation functionality of WWBN AVideo dev master commit 15fed957fb. 
A specially crafted HTTP request can lead to the silent creation of a recovery pass code for any user.","references":[{"reference_url":"https://github.com/WWBN/AVideo/commit/15fed957fb64b4055158acfc449bd7974346edb5","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/WWBN/AVideo/commit/15fed957fb64b4055158acfc449bd7974346edb5"},{"reference_url":"https://talosintelligence.com/vulnerability_reports/TALOS-2023-1897","reference_id":"","reference_type":"","scores":[],"url":"https://talosintelligence.com/vulnerability_reports/TALOS-2023-1897"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-50172","reference_id":"CVE-2023-50172","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-50172"},{"reference_url":"https://github.com/advisories/GHSA-8m5f-2xvp-2c8w","reference_id":"GHSA-8m5f-2xvp-2c8w","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-8m5f-2xvp-2c8w"}],"fixed_packages":[],"aliases":["CVE-2023-50172","GHSA-8m5f-2xvp-2c8w"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-vynh-gpdq-2yde"}],"fixing_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/45059?format=json","vulnerability_id":"VCID-5mp4-vbnp-9keu","summary":"Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in 
wwbn/avideo.","references":[{"reference_url":"https://github.com/advisories/GHSA-2fch-hv74-fgw9","reference_id":"GHSA-2fch-hv74-fgw9","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-2fch-hv74-fgw9"},{"reference_url":"https://github.com/WWBN/AVideo/security/advisories/GHSA-2fch-hv74-fgw9","reference_id":"GHSA-2fch-hv74-fgw9","reference_type":"","scores":[],"url":"https://github.com/WWBN/AVideo/security/advisories/GHSA-2fch-hv74-fgw9"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/63805?format=json","purl":"pkg:composer/wwbn/avideo@12.4.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-dys1-y27f-kybb"},{"vulnerability":"VCID-e1bu-y7rn-wka8"},{"vulnerability":"VCID-g2er-1sf3-6qad"},{"vulnerability":"VCID-jzaa-2qhr-tkhb"},{"vulnerability":"VCID-vynh-gpdq-2yde"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/wwbn/avideo@12.4.0"}],"aliases":["GHSA-2fch-hv74-fgw9","GMS-2023-1195"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-5mp4-vbnp-9keu"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/45077?format=json","vulnerability_id":"VCID-b6xv-nkwh-rkgz","summary":"Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') in 
wwbn/avideo.","references":[{"reference_url":"https://github.com/WWBN/AVideo/commit/020415d22f36d93ed865eb61994b49caa0f7f90a","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/WWBN/AVideo/commit/020415d22f36d93ed865eb61994b49caa0f7f90a"},{"reference_url":"https://github.com/advisories/GHSA-6vrj-ph27-qfp3","reference_id":"GHSA-6vrj-ph27-qfp3","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-6vrj-ph27-qfp3"},{"reference_url":"https://github.com/WWBN/AVideo/security/advisories/GHSA-6vrj-ph27-qfp3","reference_id":"GHSA-6vrj-ph27-qfp3","reference_type":"","scores":[],"url":"https://github.com/WWBN/AVideo/security/advisories/GHSA-6vrj-ph27-qfp3"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/63805?format=json","purl":"pkg:composer/wwbn/avideo@12.4.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-dys1-y27f-kybb"},{"vulnerability":"VCID-e1bu-y7rn-wka8"},{"vulnerability":"VCID-g2er-1sf3-6qad"},{"vulnerability":"VCID-jzaa-2qhr-tkhb"},{"vulnerability":"VCID-vynh-gpdq-2yde"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/wwbn/avideo@12.4.0"}],"aliases":["GHSA-6vrj-ph27-qfp3","GMS-2023-1222"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-b6xv-nkwh-rkgz"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/44364?format=json","vulnerability_id":"VCID-m9jh-jgt9-rbeg","summary":"Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') in 
wwbn/avideo.","references":[{"reference_url":"https://github.com/WWBN/AVideo/commit/236228f15a9a31be5a0e60f05dac043682e49a5e","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/WWBN/AVideo/commit/236228f15a9a31be5a0e60f05dac043682e49a5e"},{"reference_url":"https://github.com/advisories/GHSA-pgvh-p3g4-86jw","reference_id":"GHSA-pgvh-p3g4-86jw","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-pgvh-p3g4-86jw"},{"reference_url":"https://github.com/WWBN/AVideo/security/advisories/GHSA-pgvh-p3g4-86jw","reference_id":"GHSA-pgvh-p3g4-86jw","reference_type":"","scores":[],"url":"https://github.com/WWBN/AVideo/security/advisories/GHSA-pgvh-p3g4-86jw"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/63805?format=json","purl":"pkg:composer/wwbn/avideo@12.4.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-dys1-y27f-kybb"},{"vulnerability":"VCID-e1bu-y7rn-wka8"},{"vulnerability":"VCID-g2er-1sf3-6qad"},{"vulnerability":"VCID-jzaa-2qhr-tkhb"},{"vulnerability":"VCID-vynh-gpdq-2yde"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/wwbn/avideo@12.4.0"}],"aliases":["GHSA-pgvh-p3g4-86jw","GMS-2023-226"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-m9jh-jgt9-rbeg"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/45105?format=json","vulnerability_id":"VCID-uqbe-9pmt-8ket","summary":"Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in 
wwbn/avideo.","references":[{"reference_url":"https://github.com/advisories/GHSA-xr9h-p2rc-rpqm","reference_id":"GHSA-xr9h-p2rc-rpqm","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-xr9h-p2rc-rpqm"},{"reference_url":"https://github.com/WWBN/AVideo/security/advisories/GHSA-xr9h-p2rc-rpqm","reference_id":"GHSA-xr9h-p2rc-rpqm","reference_type":"","scores":[],"url":"https://github.com/WWBN/AVideo/security/advisories/GHSA-xr9h-p2rc-rpqm"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/63805?format=json","purl":"pkg:composer/wwbn/avideo@12.4.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-dys1-y27f-kybb"},{"vulnerability":"VCID-e1bu-y7rn-wka8"},{"vulnerability":"VCID-g2er-1sf3-6qad"},{"vulnerability":"VCID-jzaa-2qhr-tkhb"},{"vulnerability":"VCID-vynh-gpdq-2yde"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/wwbn/avideo@12.4.0"}],"aliases":["CVE-2023-30860","GHSA-xr9h-p2rc-rpqm"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-uqbe-9pmt-8ket"}],"risk_score":null,"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/wwbn/avideo@12.4.0"}