CVE-2023-30854

Published April 28th, 2023

View on NVD ↗

CVSS v3

8.8

HIGH

CVSS v2

N/A

Affected

PROJECT

Description

AVideo is an open source video platform. Prior to version 12.4, an OS Command Injection vulnerability in an authenticated endpoint `/plugin/CloneSite/cloneClient.json.php` allows attackers to achieve Remote Code Execution. This issue is fixed in version 12.4.

WWBN/AVideo

Create Your Own Broadcast Network With AVideo Platform Open-Source. OAVP OVP

GitHub

2.1K