WWBN AVideo Authenticated RCE
WWBN AVideo {currentVersion} Authenticated RCE A command injection vulnerability exists at plugin/CloneSite/cloneClientjsonphp which allows Remote Code Execution if you CloneSite Plugin This is a bypass to the fix for CVE-2023-30854 which affects WWBN Avideo up to version 123 Vulnerable Code /plugin/CloneSite/cloneClientjsonphp $json->sqlFile = escapeshellarg(preg