CVE-2020-23489

HIGH

Avideo <8.9 - Privilege Escalation

Title source: llm

Description

The import.json.php file before 8.9 for Avideo is vulnerable to a File Deletion vulnerability. This allows the deletion of configuration.php, which leads to certain privilege checks not being in place, and therefore a user can escalate privileges to admin.

Exploits (1)

nomisec WORKING POC 2 stars

by al-sultani · poc

https://github.com/al-sultani/AVideo3xploit

View Code ZIP pw:eip

References (2)

[Third Party Advisory] https://cube01.io/blog/Avideo-Remote-Code-Execution.html

[Patch, Third Party Advisory] https://github.com/WWBN/AVideo/commit/ecc5f40470bbafff231133f58db1df70f47bfb33

Scores

CVSS v3 8.8

EPSS 0.0501

EPSS Percentile 89.7%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Details

CWE

CWE-862

Status published

Products (2)

wwbn/avideo < 8.9

wwbn/avideo 0 - 8.9Packagist

Published Nov 16, 2020

Tracked Since Feb 18, 2026