CVE-2020-23489

Published November 16th, 2020

View on NVD ↗

CVSS v3

8.8

HIGH

CVSS v2

6.5

MEDIUM

Affected

PROJECT

Description

The import.json.php file before 8.9 for Avideo is vulnerable to a File Deletion vulnerability. This allows the deletion of configuration.php, which leads to certain privilege checks not being in place, and therefore a user can escalate privileges to admin.

WWBN/AVideo

Create Your Own Broadcast Network With AVideo Platform Open-Source. OAVP OVP

GitHub

2.1K