{"vulnerability": "cve-2023-32073", "sightings": [{"uuid": "b599b3e9-60af-43eb-9c69-3f02a2ed6931", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-32073", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/2821", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2023-32073\n\ud83d\udd39 Description: WWBN AVideo is an open source video platform. In versions 12.4 and prior, a command injection vulnerability exists at `plugin/CloneSite/cloneClient.json.php` which allows Remote Code Execution if you CloneSite Plugin. This is a bypass to the fix for CVE-2023-30854, which affects WWBN AVideo up to version 12.3. This issue is patched in commit 1df4af01f80d56ff2c4c43b89d0bac151e7fb6e3.\n\ud83d\udccf Published: 2023-05-12T13:34:34.164Z\n\ud83d\udccf Modified: 2025-01-23T20:59:41.432Z\n\ud83d\udd17 References:\n1. https://github.com/WWBN/AVideo/security/advisories/GHSA-2mhh-27v7-3vcx\n2. https://github.com/WWBN/AVideo/commit/1df4af01f80d56ff2c4c43b89d0bac151e7fb6e3", "creation_timestamp": "2025-01-23T21:03:27.000000Z"}, {"uuid": "db2a337c-ea17-4b8d-a9f0-dd92a3b3fef3", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-32073", "type": "seen", "source": "https://t.me/cibsecurity/64034", "content": "\u203c CVE-2023-32073 \u203c\n\nWWBN AVideo is an open source video platform. In versions 12.4 and prior, a command injection vulnerability exists at `plugin/CloneSite/cloneClient.json.php` which allows Remote Code Execution if you CloneSite Plugin. This is a bypass to the fix for CVE-2023-30854, which affects WWBN AVideo up to version 12.3. This issue is patched in commit 1df4af01f80d56ff2c4c43b89d0bac151e7fb6e3.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-05-12T18:27:23.000000Z"}]}