CVE-2025-48732
Unknown
Unknown - Not Provided
BaseFortify
Publication date: 2025-07-24
Last updated on: 2025-11-03
Assigner: Talos
Description
Description
An incomplete blacklist exists in the .htaccess sample of WWBN AVideo 14.4 and dev master commit 8a8954ff. A specially crafted HTTP request can lead to a arbitrary code execution. An attacker can request a .phar file to trigger this vulnerability.
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| wwbn | avideo | 14.4 |
Helpful Resources
Exploitability
CWE
KEV
| CWE ID | Description |
|---|---|
| CWE-184 | The product implements a protection mechanism that relies on a list of inputs (or properties of inputs) that are not allowed by policy or otherwise require other action to neutralize before additional processing takes place, but the list is incomplete. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is due to an incomplete blacklist in the .htaccess sample of WWBN AVideo 14.4 and a specific development commit. It allows an attacker to send a specially crafted HTTP request, particularly requesting a .phar file, which can lead to arbitrary code execution on the affected system.
How can this vulnerability impact me? :
The vulnerability can allow an attacker to execute arbitrary code remotely without any privileges or user interaction, potentially leading to unauthorized control over the affected system, data compromise, or service disruption.
Ask Our AI Assistant
Need more information? Ask your question to get an AI reply (Powered by our expertise)
0/70