Headline
CVE-2023-32073: Authenticated Remote Code Execution fix · WWBN/AVideo@1df4af0
WWBN AVideo is an open source video platform. In versions 12.4 and prior, a command injection vulnerability exists at plugin/CloneSite/cloneClient.json.php which allows Remote Code Execution if you CloneSite Plugin. This is a bypass to the fix for CVE-2023-30854, which affects WWBN AVideo up to version 12.3. This issue is patched in commit 1df4af01f80d56ff2c4c43b89d0bac151e7fb6e3.
Skip to content
Sign up
Actions
Automate any workflow
Packages
Host and manage packages
Security
Find and fix vulnerabilities
Codespaces
Instant dev environments
Copilot
Write better code with AI
Code review
Manage code changes
Issues
Plan and track work
Discussions
Collaborate outside of code
Explore
* All features
* Documentation
* GitHub Skills
* Blog
For
- Enterprise
- Teams
- Startups
- Education
By Solution
- CI/CD & Automation
- DevOps
- DevSecOps
Case Studies
- Customer Stories
- Resources
GitHub Sponsors
Fund open source developers
* The ReadME Project
GitHub community articles
Repositories
* Topics
* Trending
* Collections
Pricing
In this repository All GitHub
No suggested jump to results
In this repository All GitHub
In this organization All GitHub
In this repository All GitHub
Sign in
Sign up
WWBN / AVideo Public
- Notifications
- Fork 944
- Star 1.7k
- Code
- Issues 319
- Pull requests 6
- Actions
- Projects 1
- Wiki
- Security
- Insights
More
Permalink
Browse files
Browse the repository at this point in the history
Authenticated Remote Code Execution fix
- Loading branch information
Daniel Neto committed
May 6, 2023
1 parent 89507b8 commit 1df4af0
Showing 1 changed file with 1 addition and 0 deletions.
1 change: 1 addition & 0 deletions plugin/CloneSite/cloneClient.json.php
Show comments View file
Expand Up
@@ -94,6 +94,7 @@
$json->sqlFile = escapeshellarg(preg_replace('/[^a-z0-9_.-]/i’, '’, $json->sqlFile));
$json->videoFiles = escapeshellarg(preg_replace('/[^a-z0-9_.-]/i’, '’, $json->videoFiles));
$json->photoFiles = escapeshellarg(preg_replace('/[^a-z0-9_.-]/i’, '’, $json->photoFiles));
$objClone->cloneSiteURL = escapeshellarg($objClone->cloneSiteURL);
// get dump file
$cmd = "wget -O {$clonesDir}{$json->sqlFile} {$objClone->cloneSiteURL}videos/cache/clones/{$json->sqlFile}";
Expand Down
0 comments on commit 1df4af0
Please sign in to comment.
Related news
# WWBN AVideo Authenticated RCE A command injection vulnerability exists at `plugin/CloneSite/cloneClient.json.php` which allows Remote Code Execution if you CloneSite Plugin. This is a bypass to the fix for [CVE-2023-30854](https://cve.report/CVE-2023-30854) which affects WWBN Avideo up to version 12.3 ## Vulnerable Code /plugin/CloneSite/cloneClient.json.php ```php $json->sqlFile = escapeshellarg(preg_replace('/[^a-z0-9_.-]/i', '', $json->sqlFile)); $json->videoFiles = escapeshellarg(preg_replace('/[^a-z0-9_.-]/i', '', $json->videoFiles)); $json->photoFiles = escapeshellarg(preg_replace('/[^a-z0-9_.-]/i', '', $json->photoFiles)); // get dump file $cmd = "wget -O {$clonesDir}{$json->sqlFile} {$objClone->cloneSiteURL}videos/cache/clones/{$json->sqlFile}"; $log->add("Clone (2 of {$totalSteps}): Geting MySQL Dump file"); exec($cmd . " 2>&1", $output, $return_val); ``` The `$objClone->cloneSiteURL` is not properly sanitized. ## Exploit Proof-of-Concept avidexploit.py ```python fro...