{"vulnerability": "ghsa-2mhh-27v7-3vcx", "sightings": [{"uuid": "cb556c2e-c339-4f3a-b3ed-9a5637ef6afa", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "GHSA-2MHH-27V7-3VCX", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/2821", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2023-32073\n\ud83d\udd39 Description: WWBN AVideo is an open source video platform. In versions 12.4 and prior, a command injection vulnerability exists at `plugin/CloneSite/cloneClient.json.php` which allows Remote Code Execution if you CloneSite Plugin. This is a bypass to the fix for CVE-2023-30854, which affects WWBN AVideo up to version 12.3. This issue is patched in commit 1df4af01f80d56ff2c4c43b89d0bac151e7fb6e3.\n\ud83d\udccf Published: 2023-05-12T13:34:34.164Z\n\ud83d\udccf Modified: 2025-01-23T20:59:41.432Z\n\ud83d\udd17 References:\n1. https://github.com/WWBN/AVideo/security/advisories/GHSA-2mhh-27v7-3vcx\n2. https://github.com/WWBN/AVideo/commit/1df4af01f80d56ff2c4c43b89d0bac151e7fb6e3", "creation_timestamp": "2025-01-23T21:03:27.000000Z"}, {"uuid": "923c1722-033d-4905-a13b-51f9f42b21ed", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "GHSA-2MHH-27V7-3VCX", "type": "published-proof-of-concept", "source": "https://t.me/CNArsenal/593", "content": "https://github.com/WWBN/AVideo/security/advisories/GHSA-2mhh-27v7-3vcx\nAVideo Authenticated RCE\ncve-2023-30854\n#github", "creation_timestamp": "2023-05-25T09:36:02.000000Z"}]}