CVE-2024-31819

CVSS 9.8 CRITICALEPSS 15.6%CWE-94

Vexday Risk Score

68High priority

SSVC decision (CISA)

Attend

PoC available → attend closely

CVSS 9.8EPSS 15.6%KEV nãoPoC públicaNuclei —Metasploit simPatch —

Lifecycle

27 Mar 2024Public PoC

09 Apr 2024Metasploit module available

10 Apr 2024Published on NVD

Recommendation: Plan a near-term fix — a public PoC already exists.

An issue in WWBN AVideo v.12.4 through v.14.2 allows a remote attacker to execute arbitrary code via the systemRootPath parameter of the submitIndex.php component.

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Affected products

n/a · n/a

public PoCs found — 2

githubgithub.com/Chocapikk/CVE-2024-31819★ 5 githubgithub.com/dream434/CVE-2024-31819★ 0

⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

https://chocapikk.com/posts/2024/cve-2024-31819/https://github.com/Chocapikk/CVE-2024-31819 https://github.com/WWBN/https://github.com/WWBN/AVideo