CVE-2023-50172

A recovery notification bypass vulnerability exists in the userRecoverPass.php captcha validation functionality of WWBN AVideo dev master commit 15fed957fb. A specially crafted HTTP request can lead to the silent creation of a recovery pass code for any user.

CVSS

No CVSS.

References

Link	Resource
https://talosintelligence.com/vulnerability_reports/TALOS-2023-1897	Exploit Third Party Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:wwbn:avideo:15fed957fb:*:*:*:*:*:*:*

History

18 Jan 2024, 14:28

Type	Values Removed	Values Added
First Time		Wwbn avideo Wwbn
CPE		cpe:2.3:a:wwbn:avideo:15fed957fb:::::::*
References	~~() https://talosintelligence.com/vulnerability_reports/TALOS-2023-1897 -~~	() https://talosintelligence.com/vulnerability_reports/TALOS-2023-1897 - Exploit, Third Party Advisory

12 Jan 2024, 18:15

Type	Values Removed	Values Added
Summary	A recovery notification bypass vulnerability exists in the userRecoverPass.php captcha validation functionality of WWBN AVideo dev master commit 15fed957fb. A specially crafted HTTP request can lead to silently create a recovery pass code for any user.	A recovery notification bypass vulnerability exists in the userRecoverPass.php captcha validation functionality of WWBN AVideo dev master commit 15fed957fb. A specially crafted HTTP request can lead to the silent creation of a recovery pass code for any user.

10 Jan 2024, 18:15

Type	Values Removed	Values Added
References	~~{'url': 'https://www.talosintelligence.com/vulnerability_reports/TALOS-2023-1897', 'name': 'https://www.talosintelligence.com/vulnerability_reports/TALOS-2023-1897', 'tags': [], 'refsource': ''}~~

10 Jan 2024, 16:59

Type	Values Removed	Values Added
New CVE

Information

Published : 2024-01-10 16:15

Updated : 2024-01-18 14:28

NVD link : CVE-2023-50172

Mitre link : CVE-2023-50172

JSON object : View

Products Affected

wwbn

avideo

CWE

No CWE.

JSON object

Attach tags to CVE-2023-50172

Attach tags to `CVE-2023-50172`