CVE-2022-30605
In short
AVideo 11.6 has a flaw in how it manages user sessions that allows an attacker to trick a logged-in user into sending a specially crafted request, which then gives the attacker higher privileges in the system.
Technical detail
A session fixation or manipulation vulnerability in WWBN AVideo 11.6 (and dev master commit 3f7c0364) enables privilege escalation via crafted HTTP requests. The attack vector requires user interaction (social engineering or CSRF) to trigger privilege elevation. An unauthenticated attacker can exploit this to gain administrative or elevated access.
Summary generated and translated by AI from the official description.
A privilege escalation vulnerability exists in the session id functionality of WWBN AVideo 11.6 and dev master commit 3f7c0364. A specially-crafted HTTP request can lead to increased privileges. An attacker can get an authenticated user to send a crafted HTTP request to trigger this vulnerability.
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Affected products
WWBN · AVideo