CVE-2023-30854

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2023-30854

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-30854.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2023-30854

Aliases

GHSA-6vrj-ph27-qfp3

Published

2023-04-28T15:35:59.382Z

Modified

2025-12-04T23:50:38.297029Z

Severity

8.8 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVSS Calculator

Summary

WWBN AVideo vulnerable to OS Command Injection

Details

AVideo is an open source video platform. Prior to version 12.4, an OS Command Injection vulnerability in an authenticated endpoint /plugin/CloneSite/cloneClient.json.php allows attackers to achieve Remote Code Execution. This issue is fixed in version 12.4.

Database specific

{
    "cna_assigner": "GitHub_M",
    "cwe_ids": [
        "CWE-78"
    ],
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2023/30xxx/CVE-2023-30854.json"
}

References

Affected packages

Git / github.com/wwbn/avideo

Affected ranges

Type: GIT
Repo: https://github.com/wwbn/avideo
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

25305ffb07b87798db52536cda0329c988e6dac7

Affected versions

10.*

10.4

10.8

Other

11.*

11.1

11.1.1

11.5

11.6

2.*

2.2

2.4

2.7

3.*

3.4

3.4.1

4.*

4.0

4.0.1

4.0.2

5.*

5.0

6.*

6.5

7.*

7.2

7.3

7.4

7.5

7.6

7.7

7.8

8.*

8.1

8.5

8.6

8.7

8.9

8.9.1