Vulnerability CVE-2022-27463

Vulnerability CVE-2022-27463

Published: 2022-04-05

Description:

Open redirect vulnerability in objects/login.json.php in WWBN AVideo through 11.6, allows attackers to arbitrarily redirect users from a crafted url to the login page.

Type:

CWE-601

(URL Redirection to Untrusted Site ('Open Redirect'))

CVSS2 => (AV:N/AC:M/Au:N/C:P/I:P/A:N)

CVSS Base Score	Impact Subscore	Exploitability Subscore
5.8/10	4.9/10	8.6/10

Exploit range	Attack complexity	Authentication
Remote	Medium	No required
Confidentiality impact	Integrity impact	Availability impact
Partial	Partial	None

Affected software
WWBN -> Avideo

References:

https://avideo.tube/

https://github.com/WWBN/AVideo/commit/77e9aa6411ff4b97571eb82e587139ec05ff894c

Copyright 2024, cxsecurity.com