Home > Vulnerability Database > CVE-2022-32768

Mend.io Vulnerability Database

CVE-2022-32768

Date: August 22, 2022

Multiple authentication bypass vulnerabilities exist in the objects id handling functionality of WWBN AVideo 11.6 and dev master commit 3f7c0364. A specially-crafted HTTP request by an authenticated user can lead to unauthorized access and takeover of resources. An attacker can send an HTTP request to trigger this vulnerability.This vulnerability exists in the Live Schedules plugin, allowing an attacker to bypass authentication by guessing a sequential ID, allowing them to take over the another user's streams.

Language: PHP

Severity Score

4.2

Related Resources (4)

Url: https://nvd.nist.gov/vuln/detail/CVE-2022-32768

Url: https://github.com/WWBN/AVideo/blob/e04b1cd7062e16564157a82bae389eedd39fa088/updatedb/updateDb.v12.0.sql

Url: https://talosintelligence.com/vulnerability_reports/TALOS-2022-1536

Url: https://www.mend.io/vulnerability-database/CVE-2022-32768

Severity Score

4.2

Weakness Type (CWE)

Missing Authorization

CWE-862

CVSS v3.1

Base Score:	4.2
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	HIGH
Privileges Required (PR):	LOW
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	NONE
Integrity (I):	LOW
Availability (A):	LOW

Mend.io Vulnerability Database

We found results for “”

CVE-2022-32768

Date: August 22, 2022

Language: PHP

Severity Score

Related Resources (4)

Severity Score

Weakness Type (CWE)

CVSS v3.1

Do you need more information?