CVE-2025-48732

July 24, 2025 invoker category_cve

CVE Details

Basic Information

Title CVE-2025-48732
Type cve
Published 2025-07-24T15:10:56.720Z
Modified 2025-07-24T15:31:06.971Z

Product Information

Vendor WWBN
Product AVideo
Version 14.4

CVSS Information

Base Score 7.3 (HIGH)
Attack Vector CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

Affected Products

  • WWBN AVideo 14.4
  • WWBN AVideo dev master commit 8a8954ff

Additional Information

CWE List CWE-184
Source talos

Description

An incomplete blacklist exists in the .htaccess sample of WWBN AVideo 14.4 and dev master commit 8a8954ff. A specially crafted HTTP request can lead to a arbitrary code execution. An attacker can request a .phar file to trigger this vulnerability.

💭 Join the Security Discussion

🔒 Your email address will not be published. Required fields are marked *

⚠️ Please be respectful and constructive in your comments. Security discussions should remain professional.