Primary

Context

WWBN AVideo Incomplete Blacklist Vulnerability in .htaccess Sample Allowing Arbitrary Code Execution

Vulnerability

A vulnerability exists in WWBN AVideo versions 14.4 and the development master commit 8a8954ff, due to an incomplete blacklist in the .htaccess sample. This flaw allows arbitrary code execution through specially crafted HTTP requests. Attackers can exploit this vulnerability by requesting a .phar file, which can be executed on the server.

Impact

Exploitation of this vulnerability could lead to arbitrary code execution on the server.

Remediation

Users can update to the patched version released by the vendor on July 14, 2025.

Added: Jul 24, 2025, 5:30 PM

Updated: Jul 24, 2025, 5:30 PM

Vulnerability Rating

Custom Algorithm

spread

1.0

impact

10.0

exploitability

7.6

remediation

0.0

relevance

0.3

threat

0.1

urgency

2.9

incentive

5.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

1.0

impact

10.0

exploitability

7.6

remediation

0.0

relevance

0.3

threat

0.1

urgency

2.9

incentive

5.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

WWBN AVideo Incomplete Blacklist Vulnerability in .htaccess Sample Allowing Arbitrary Code Execution

Vulnerability

Impact

Remediation

Affected Products

WWBN AVideo

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating