Impact: An attacker could execute remote code on a system running wwbn/avideo Step to Reproduce: 1. Go to the `My Videos` tab https://demo.avideo.com/mvideos 2. Click "Embed a video link" Append a command to the url as a query string. eg. `?whoami` then click Save This issue has been resolved in commit `236228f15`
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
Get alerted for CVEs like this
Register your stack and get notified within minutes when a matching CVE drops.
Start monitoring free